search for: robertgraham

...to incorporate parsefw into the Bering Weblet application. (weblet.lrp) I also had newbies in mind, so I included text descriptions next to most of the currently exploited ports, and it created HTML links to the "Firewall Forensics" "Firewall FAQ" destination port section. (www.robertgraham.com/pubs/firewall-seen.html) The parser looks for lines having the text Shorewall in it, so it is possible to run this against a general syslog style logfile, or a Shorewall specific logfile. I''m using ulogd to make my life easier, but you may not have that available to you. I feel no s...

Thought some of you might find this useful. http://www.robertgraham.com/pubs/firewall-seen.html This document explains what you see in firewall logs, especially what port numbers means. You can use this information to help figure out what hackers are up to. This document is intended for both security-experts maintaining corporate firewalls as well as home user...

since a few days i have a huge number of ips trying to access something on UDP port 10619... i have a shorewall running on a dynamic dsl provider, which gets a new ip every 24 hours, so maybe those ips are trying to access some service, but i doubt it... anyone seen some activity on udp 10619 lately? is there some new trojan, virus or something floating around? they are flooding the logs with

How do I allow traceroute to reach my server? Pings work fine but traceroute stops at the last hop before my server. If I shut off the firewall it reaches it fine. PING danicar.net (24.222.246.120): 56 data bytes 64 bytes from 24.222.246.120: icmp_seq=0 ttl=237 time=104.0 ms 64 bytes from 24.222.246.120: icmp_seq=1 ttl=237 time=74.9 ms 64 bytes from 24.222.246.120: icmp_seq=2 ttl=237 time=90.6

Although the parameterized samples have allowed people to get a firewall up and running quickly, they have unfortunately set the wrong level of expectation among those who have used them. I am therefore withdrawing support for the samples and I am recommending that they not be used in new Shorewall installations. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \