
m : macos-x-server@lists.apple.com 18 January 2006 • 11:42PM -0500

Re: IP addresses in logfiles?
by Dan Shoop





At 11:37 PM -0800 1/17/06, Dave Walcott wrote:
>On Jan 17, 2006, at 10:47 PM, Dan Shoop wrote:
>
>>You should be dropping this traffic at the network border, using
>>your firewall.
>
>Dropping what traffic, exactly?

SSH traffic from non-trusted hosts.

>The server, in this case, *is* the firewall, and SSH needs to be on.

Which is exactly your problem. You're using your server and a packet
filter to do the job of a firewall, which OS X Server isn't well
suited for.

>>Why should you need this? You should be DENYing any unknown traffic
>>and only ALLOWing any trusted traffic.
>
>Correct: allowed traffic includes SSH, as above.

No, you want to be more restrictive, that's the point of a real firewall.

>  Firewalls (at least ones that my client can afford) can't
>intelligently parse traffic based on incorrect login attempts to a
>machine on the LAN.

Anyone can afford a firewall. I've mentioned just in the last week on
this list that the Linksys WRT54GS is quite capable when flashed with
third-party firmware such as Sveasoft's or OpenWRT. For under $75 you
can have what you need, and that $75 is money well spent in terms of
your time and effort trying to herd this task elsewhere.

>>>Anyone know how I can get IP addresses to show up in my logs? Many
>>>thanks in advance...
>>
>>And what would you do with it if you had it?
>
>Have a look at the denyhosts FAQ to find out. Specifically, I'd
>"drop this traffic at the network border, using my firewall."

Which again is not a good idea.

>>I smell wool.
>
>That's nice, Dan, but do you know how to do it? :)

With a firewall at the border, not a server trying to pretend to do
the job. By the time the traffic gets to the server you're too late.
--

-dhan

------------------------------------------------------------------------
Dan Shoop                                                   AIM: iWiring
Systems & Networks Architect                     http://www.iwiring.net/
shoop@iwir...                                 http://www.ustsvs.com/
1-646-217-4725

pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF  12B1 7840 3BE7 3736 DE0B

iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.