Date:	Tue, 19 Jun 2007 12:36:00 -0700 (PDT)
From:	Marc Perkel <mperkel@...oo.com>
To:	Jan Engelhardt <jengelh@...putergmbh.de>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: How would I do this? (expert tricks) OT


--- Jan Engelhardt <jengelh@...putergmbh.de> wrote:

> 
> On Jun 19 2007 10:14, Marc Perkel wrote:
> >> 
> >> tcpdump -lni any port 25
> >> iptables -p tcp --dport 25 -j NFQUEUE
> >> ...
> >> 
> >
> >Thanks Jan, but I'm not sure it answers my question.
> 
> There's more than one way to do it.
> 
> One is...
> 	tcpdump -lni eth0 tcp [extra operands to match SYN packets] | myprogram
> 
> a longer one is to write your own netfilter userspace program
> that receives the TCP SYNs (by means of -j NFQUEUE) and does
> take action.
> 
> Another one is to use -j LOG and let your program parse
> down /var/log/firewall. Like
> 
> 	iptables -A INPUT -p tcp --dport 25 --syn -j LOG --log-prefix "[evil]"
> 	tail -f /var/log/firewall | grep --line-buffered '\[evil\]' | myscript
> 
> myscript:
> #!/usr/bin/perl
> 
> while (defined(my $line = <>)) {
> 	my($ip) = ($line =~ /SRC=(\S+)/);
> 	# Do something
> }
> 
> >I want to run a script every time a connection attempt is made in real time
> 
> The script runs constantly, preferably.
> 
> >with the IP address as a parameter to the script. How would I do that? Suppose
> >my script is:
> >
> >iplog <ipaddress>

Thanks Jan,

I think what you sent me is workable. I noticed it
goes to the file /var/log/messages. Is there a way to
make it go to a specific file? Thanks a lot for your
help. I've been experimenting with some new and very
interesting ways to catch spam and this could be yet
another breakthrough.
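
Added example (not part of the original messages, and not code from anyone in the thread): a Python reader for the `-j LOG` approach quoted above. It pulls `SRC=` out of lines carrying the log prefix, accepts the value only if it is a literal IP address, and runs `iplog <ipaddress>` without going through a shell. The function names and the sample log lines are constructed for illustration; `[evil]` and `iplog` are taken from the thread.

```python
import ipaddress
import re
import subprocess
import sys

PREFIX = "[evil]"                      # the --log-prefix value from the quoted rule
SRC_RE = re.compile(r"\bSRC=(\S+)")    # same field the quoted Perl regex captures
HANDLER = "iplog"                      # the script name used in the thread

def source_ip(line, prefix=PREFIX):
    """Return the validated source address of a prefixed LOG line, else None."""
    # syslog puts a timestamp and host name before the kernel text, so the
    # prefix is searched for anywhere in the line.
    pos = line.find(prefix)
    if pos < 0:
        return None
    m = SRC_RE.search(line, pos + len(prefix))
    if not m:
        return None
    try:
        # Normalise, and reject anything that is not a literal IPv4/IPv6 address.
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None

def handler_argv(ip, handler=HANDLER):
    """Build the argument vector; no shell is involved, so nothing is re-parsed."""
    return [handler, ip]

def follow(stream=sys.stdin, run=subprocess.run):
    """Call the handler once per matching line as lines arrive on the stream."""
    count = 0
    for line in iter(stream.readline, ""):   # readline avoids read-ahead buffering
        ip = source_ip(line)
        if ip is not None:
            run(handler_argv(ip), check=False)
            count += 1
    return count

# Constructed sample lines in the usual syslog + iptables LOG layout.
SAMPLE = [
    "Jun 19 12:36:00 mx kernel: [evil]IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jun 19 12:36:01 mx kernel: [other]IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=25 SYN",
    "Jun 19 12:36:02 mx kernel: [evil]IN=eth0 OUT= SRC=;reboot DST=198.51.100.5 PROTO=TCP DPT=25 SYN",
]

if __name__ == "__main__":
    follow()
```

Run as the last stage of the quoted `tail -f` pipeline in place of `myscript`, it invokes the handler once per logged SYN.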





