Logging by port

Post by Dant » Thu, 21 Sep 1995 04:00:00



I'm relatively new to the whole Linux/Unix scene and I am wanting to
figure out how certain clients talk to a server, i.e. what does "Lynx"
send to port 80 of the server it is querying?  Basically all I want to know
is whether it is possible, and if so where I can find information on how to
log everything sent to a specific port.  Thanks in advance, and please
e-mail any responses/flames.  Thanks again.

--
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  Dante                          +-                                     -


-+-+-+-+-+-+-+-+-+http://www.dgsys.com/~dante/index.html-+-+-+-+-+-+-+-+-+

 
 
 

Post by A. van Kesse » Fri, 22 Sep 1995 04:00:00



>I'm relatively new to the whole Linux/Unix scene and I am wanting to
>figure out how certain clients talk to a server, i.e. what does "Lynx"
>send to port 80 of the server it is querying?  Basically all I want to know
>is whether it is possible, and if so where I can find information on how to
>log everything sent to a specific port.  Thanks in advance, and please
>e-mail any responses/flames.  Thanks again.

Take a look at the tcp_wrap package by Wietse Venema. I think it
offers all that you need, and otherwise you can start hacking.
It is available on lots of FTP sites.

happy hacking,
Adriaan van Kessel.

 
 
 

1. missing log and port scanning

Sounds like you are the victim of a worm attack.
The current spate of worms simply deletes the log files to cover tracks.

Check for a file called /usr/bin/adore (adore/red worm)

or look for the following directories (indicates the 1i0n worm is
present):
/usr/man/man1/man1/lib/.lib/
/usr/man/man1/man1/lib/.lib/.backup/
/usr/src/.puta/
/usr/info/.t0rn/

If any of the above exist, then you have been compromised.
There is only one real remedy for this, and that is to format the hard
disk, and re-install your server, update all necessary packages,
disable/remove unnecessary services, install a good firewall, and learn
as much as you can about security.

Oh, and when you do re-install, use different passwords ... these worms
phone home with a whole stack of useful information about what you have
on your machine.

--
Regards
Luke
------
But it does move!
                -- Galileo Galilei
------
http://www.bell-bird.com.au
PLEASE NOTE: Spamgard (tm) installed.
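
The check described in the post above, as an added example that is not part of the original post. The function name `scan_worm_indicators` and its ROOT argument are assumptions; ROOT lets the same check run against a suspect disk mounted from rescue media instead of the live system.

```shell
#!/bin/sh
# Added example: look for the worm indicator paths named in the post.
# ROOT is "/" for the live system, or the mount point of the suspect
# disk when it is examined from trusted rescue media (an assumption).

# Indicator paths as listed in the post, one "label|path" per line.
WORM_INDICATORS='adore/red worm|/usr/bin/adore
1i0n worm|/usr/man/man1/man1/lib/.lib
1i0n worm|/usr/man/man1/man1/lib/.lib/.backup
1i0n worm|/usr/src/.puta
1i0n worm|/usr/info/.t0rn'

# scan_worm_indicators ROOT
# Prints one "label<TAB>path" line per indicator found under ROOT.
# Returns 0 when nothing is found, 1 when at least one indicator exists.
scan_worm_indicators() {
    root=${1:-/}
    root=${root%/}      # "/" becomes "", "/mnt/x/" becomes "/mnt/x"
    found=0
    while IFS='|' read -r label path; do
        [ -n "$path" ] || continue
        target="$root$path"
        # -L also reports a dangling symlink left at an indicator path.
        [ -e "$target" ] || [ -L "$target" ] || continue
        printf '%s\t%s\n' "$label" "$target"
        found=1
    done <<EOF
$WORM_INDICATORS
EOF
    return "$found"
}

# Scan only when a root is given on the command line, for example:
#   sh check_worm.sh /mnt/suspect
if [ "$#" -gt 0 ]; then
    scan_worm_indicators "$1" ||
        echo "indicator found: treat the host as compromised" >&2
fi
```

A clean result covers only the paths listed in the post and does not show that a host is uncompromised.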
