BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

removing a Linux Keylogger

Subject: removing a Linux Keylogger
From: dsr at tao.merseine.nu (dsr at tao.merseine.nu)
Date: Mon, 25 Jul 2005 15:23:46 -0400
In-reply-to: <LGEBIKMPEODOJPJAMBHGKELNCDAA.lug@the-leveys.us>
References: <20050725170752.GN20841@tao> <LGEBIKMPEODOJPJAMBHGKELNCDAA.lug@the-leveys.us>

On Mon, Jul 25, 2005 at 02:29:29PM -0400, Don Levey wrote:
> Dan wrote:
> 
> So, then, adding this line in the middle:
> 
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
> --set
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
> -j LOG --log-level WARN --log-prefix REJECT-SSH --log-ip-options
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
> --update --seconds 60 --hitcount 4 -j DROP
> 
> Should allow me to log this also?

Certainly. I don't simply because Snort handles that for me.

Do you want to log all the attempts or just those which result
in actual DROPs?

-dsr-

Follow-Ups:
- removing a Linux Keylogger
  - From: warlord at MIT.EDU (Derek Atkins)

References:
- removing a Linux Keylogger
  - From: dsr at tao.merseine.nu (dsr at tao.merseine.nu)
- removing a Linux Keylogger
  - From: lug at the-leveys.us (Don Levey)

Prev by Date: Blocking port 25
Next by Date: Blocking port 25
Previous by thread: removing a Linux Keylogger
Next by thread: removing a Linux Keylogger
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org