Thanks for the response!
But I'm using Windows only for my clients. The servers are running Linux or FreeBSD. With iptables/Linux I used psad, which is perfect for the job! But psad doesn't understand the ipmon log format. I can do something with perl and/or grep on the remote (Linux) logserver or so.... But still, it would be a nice feature in m0n0wall I think..... IMHO that is :-)
From: webmaster at ics dash group dot de [mailto:webmaster at ics dash group dot de]
Sent: Sunday, January 18, 2004 3:34 PM
To: 'Jan Koetze'
Subject: AW: [m0n0wall] Portscans
There is a way 2 act on several types of attacks for example but this is a remote logging tool for Windows so u need a Windows client or server for live monitoring if u want this. But the good thing in this tool is ... it acts on every log m0n0wall sends (if u filter this) and runs scripts, sends ICQ messages, sends SNMP traps, logs into the NT event log, logs to an ODBC database, sends email and finally logs this to a local log file (txt, xml output). It does a lot more ... I love it ... maybe u 2
Cya Steven, Germany
From: Jan Koetze [mailto:jan at koetze dot net]
Sent: Saturday, January 17, 2004 9:14 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Portscans
First of all my compliments for this great product, after years of iptables
this is great!
But.... I want to be 'aware' so is it possible to send an email when a
portscan occurs (new feature I think)? And is it possible to block a
portscan (not the host just the scan)? Or a DoS attack for that matter.
I'm using the remote server logging option. Does anybody know a tool/script
which can convert an ipmon log (format) to something more human readable?
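An added example, not part of the original messages: a script for the remote log server that turns ipmon lines into readable text and flags a source that gets blocked on many distinct ports of one destination. It assumes the usual IPFilter ipmon syslog layout; the sample lines, addresses and the `min_ports` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed IPFilter ipmon layout after the syslog prefix:
#   HH:MM:SS.usec [Nx] iface @group:rule action src[,port] -> dst[,port] PR proto ...
LINE_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d)\.\d+\s+(?:\d+x\s+)?(?P<iface>\S+)\s+@(?P<rule>\d+:\d+)\s+"
    r"(?P<action>[pbPBLSn])\s+(?P<src>[^,\s]+)(?:,(?P<sport>\S+))?\s+->\s+"
    r"(?P<dst>[^,\s]+)(?:,(?P<dport>\S+))?\s+PR\s+(?P<proto>\S+)")
ACTIONS = {"p": "passed", "b": "blocked", "P": "passed", "B": "blocked",
           "L": "logged", "S": "short packet", "n": "no rule matched"}

def parse_line(line):
    """Return the ipmon fields as a dict, or None for lines that do not match."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def describe(rec):
    """Render one parsed record as a single readable line."""
    action = ACTIONS.get(rec["action"], rec["action"])
    return (f"{rec['time']} {action} {rec['proto']} "
            f"{rec['src']}:{rec['sport'] or '-'} -> {rec['dst']}:{rec['dport'] or '-'} "
            f"on {rec['iface']} (rule {rec['rule']})")

def find_scanners(lines, min_ports=5):
    """Count distinct blocked dst ports per (src, dst); keep pairs >= min_ports."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] in "bB" and rec["dport"]:
            ports[(rec["src"], rec["dst"])].add(rec["dport"])
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}

# Constructed sample: one source probing six ports, plus two unrelated lines.
SAMPLE = [
    f"Jan 18 15:30:0{i} m0n0wall ipmon[72]: 15:30:0{i}.412345 sis1 @0:14 b "
    f"203.0.113.7,4021{i} -> 192.0.2.10,{port} PR tcp len 20 48 -S IN"
    for i, port in enumerate((21, 22, 23, 25, 80, 110))
] + [
    "Jan 18 15:31:10 m0n0wall ipmon[72]: 15:31:10.100200 sis0 @0:3 p "
    "192.168.1.20,51000 -> 198.51.100.5,80 PR tcp len 20 48 -S OUT",
    "Jan 18 15:31:15 m0n0wall ipmon[72]: 15:31:15.300400 2x sis1 @0:14 b "
    "198.51.100.9,3300 -> 192.0.2.10,445 PR tcp len 20 48 -S IN",
]

if __name__ == "__main__":
    for rec in filter(None, map(parse_line, SAMPLE)):
        print(describe(rec))
    for (src, dst), n in find_scanners(SAMPLE).items():
        print(f"possible portscan: {src} -> {dst}, {n} distinct blocked ports")
```

The result of `find_scanners` can be handed to whatever sends mail on the log server; counting only blocked packets keeps ordinary passed traffic from triggering an alert.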