From: Philip Reynolds (phil at domain redbrick.dcu.ie)
Date: Fri 26 May 2000 - 06:49:10 IST
Dave Burke's [dave at domain compsoc.com] 26 lines of dribble included:
:>I'm using iplog 2.1.1, and I noticed the following in my logs this
:>May 24 12:12:28 UDP: scan/flood detected from ns.iol.ie
:>May 24 12:14:16 UDP: scan/flood mode expired for ns.iol.ie - received a
:>total of 24 packets (816 bytes).
:>Now, I'm 99.999% certain that IOL are not scanning me, so presumably this
:>is just iplog being a little too anal in it's logging.
:>Does anyone have any config that I can add to my iplog.rules to tell it to
:>be a log a little less.
:>ATM, I've got it ignoring all TCP/UDP/ICMP traffic on the internal
:>network, and I'd prefer not to have to tell it to ignore all UDP traffic.
:>Should I just tell it to ignore port 53/udp traffic, which is presumably
:>whats coming from ns.iol.ie ?
Afaik you can't tell iplog to stop being anal ;P
You might be able to clean up the log files with logcheck .
IMHO your best bet is your last option ...
Philip Reynolds | Errors have occurred..
Redbrick Systems Administrator | We won't tell you where or why.
phil at domain redbrick.dcu.ie | Lazy Programmers.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:06:16 GMT