04-12-2008, 02:24 PM
Where are "Log AttackLog" emails coming from...

I have inherited the lovely duty of admin'ing a production server
running Etch. It's all very straightforward except for a phantom
installed package that is spitting out snort-esque emails to root
about perceived ongoing attacks. Unfortunately the only one it ever
seems to complain about is the "TearDrop Attack" which it really isn't
(it's just a strange network topology combined with some OS X users
using Bonjour). I am constantly getting emails with the subject line

Log AttackLog(from: [ip])

Followed by the relevant lines from some mysterious log file that I
can't find. Googling only shows that apparently whatever this package
is is also used on various firewall and router devices/firmwares, as
they also send out similar emails. I've dug through dpkg's installed
package list and even gutted out some log notifications packages, but
for the love of god, I can't seem to hit the right one. Does anyone
know which package this is? Either so I can edit its detection
ruleset or destroy it utterly...

