[geeks] ipf/ipmon how-tos/guides
Mike Parson
mparson at bl.org
Thu Aug 12 12:03:37 CDT 2004
On Thu, Aug 12, 2004 at 12:00:45PM -0400, velociraptor wrote:
> OK, calling on the collective bookmarks of all you
> security geeks out there. :-)
>
> Any recommended URLs for reading up on deciphering
> ipf rules and/or ipf/ipmon logs?
>
> I am trying to decipher what I think is a slow probe of our
> web servers, but I didn't write the rules and haven't had that
> much experience reading ipf/ipmon logs, so am looking for
> some good guides.
>
> Google is coming up with large numbers of hits...but there is
> sorting the wheat from the chaff problem.
Yeah, it took me a while to get the goods on ipf, what I was wanting
was a nice config to start with, that I could fine-tune, and was
able to finally dig up this page:
http://www.cites.uiuc.edu/wsg/talks/ipfilter/
And of course, the ipf homepage:
http://www.obfuscation.org/ipf/ipf-howto.html
--
Michael Parson
mparson at bl.org
More information about the geeks
mailing list