Re: [fwAnalog] Using fwanalog with a linksys BEFW11S4 or BEFSR41 broadband router

From: Balázs Bárány (balazs~AT~tud.at)
Date: Thu Sep 11 2003 - 23:34:03 CEST

• Next message: no1knows: "[fwAnalog] FW: Using fwanalog with a linksys BEFW11S4 or BEFSR41 broadband router"
• Previous message: no1knows: "[fwAnalog] Using fwanalog with a linksys BEFW11S4 or BEFSR41 broadband router"
• In reply to: no1knows: "[fwAnalog] Using fwanalog with a linksys BEFW11S4 or BEFSR41 broadband router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

• no1knows <no1knows~AT~no1knows.com> [2003-09-11 22:09]:
  > = STRING: "~AT~out 192.168.1.3 1510 www.google.co.uk 80."
  

> I was wondering which logformat I could use, if any would be
Probably none of the existing ones. There are apparently thousands of possibilities a firewall can log its data, so if your system is not explicitly supported, then it is most likely unsupported.

Also, your firewall seems to resolve remote addresses. Fwanalog requires IP addresses. Also, name resolution during logging is a bad idea; an attacker can send you a large number of short packets with spoofed random sender addresses; your firewall will then DOS itself with the name resolution attempts.

Regards

-- 
_________________________________________________________________________
Balázs Bárány       balazs~AT~tud.at        http://tud.at       ICQ 10747763

A good engineer will make considerable effort to avoid additional effort.

• Next message: no1knows: "[fwAnalog] FW: Using fwanalog with a linksys BEFW11S4 or BEFSR41 broadband router"
• Previous message: no1knows: "[fwAnalog] Using fwanalog with a linksys BEFW11S4 or BEFSR41 broadband router"
• In reply to: no1knows: "[fwAnalog] Using fwanalog with a linksys BEFW11S4 or BEFSR41 broadband router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Sep 12 2003 - 01:02:03 CEST