10-16-2007
Quote:
Originally Posted by
JimJ
The one problem I can possibly see is if someone spoofed the address of a computer that you usually use to access the server.
Is it theoretically possible to create a DoS situation then? If not, let me know.
In the config-file, there is an "ignoreip" where you can exclude certain IP-addresses from being banned, you could put the admin-computer in there, I guess.
7 More Discussions You Might Find Interesting
1. Cybersecurity
REPLAY ATTACK.
Can some one elobrate on measures to encounter this problem of replay atack on network. (3 Replies)
Discussion started by: Ashvin Gaur
3 Replies
2. Cybersecurity
About 3 days ago our Apache logs started filling with the following errors:
mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows)
OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified
These initially were... (1 Reply)
Discussion started by: ccj4467
1 Replies
3. Cybersecurity
Hi,
I have a belkin router installed and a look at the security log has got me worried a little bit.
Security log:
Fri Jan 29 20:41:46 2010
=>Found attack from 68.147.232.199.
Source port is 58591 and destination port is 12426 which use the TCP protocol.
Fri Jan 29 20:41:46 2010 ... (1 Reply)
Discussion started by: jld
1 Replies
4. Cybersecurity
In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else? (10 Replies)
Discussion started by: Action
10 Replies
5. Cybersecurity
Is this an attack attempt? I got an e-mail from 'uucp Admin' last night and again this morning:
What does it mean and what can I do about it? Thanks (4 Replies)
Discussion started by: ctafret
4 Replies
6. UNIX for Dummies Questions & Answers
Hi everyone,
I've got an extensive collection of seismic files that I am trying to turn into workable subsurface data collection. It's all real-time history and it is being loaded onto the main linux computer from a collection of about 1000 CDs. There are about 4000 seismic files on each CD, and... (3 Replies)
Discussion started by: ws6transam
3 Replies
7. Emergency UNIX and Linux Support
Dear community,
my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql.
I identified the IPs who attack me and block it through iptable firewall from debian.
Something like:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP
This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies
LEARN ABOUT DEBIAN
audispd.conf
AUDISPD.CONF:(5) System Administration Utilities AUDISPD.CONF:(5)
NAME
audispd.conf - the audit event dispatcher configuration file
DESCRIPTION
audispd.conf is the file that controls the configuration of the audit event dispatcher. The options that are available are as follows:
q_depth
This is a numeric value that tells how big to make the internal queue of the audit event dispatcher. A bigger queue lets it handle a
flood of events better, but could hold events that are not processed when the daemon is terminated. If you get messages in syslog
about events getting dropped, increase this value. The default value is 80.
overflow_action
This option determines how the daemon should react to overflowing its internal queue. When this happens, it means that more events
are being received than it can get rid of. This error means that it is going to lose the current event its trying to dispatch. It
has the following choices: ignore, syslog, suspend, single, and halt. If set to ignore, the audisp daemon does nothing. syslog
means that it will issue a warning to syslog. suspend will cause the audisp daemon to stop processing events. The daemon will still
be alive. The single option will cause the audisp daemon to put the computer system in single user mode. halt option will cause the
audisp daemon to shutdown the computer system.
priority_boost
This is a non-negative number that tells the audit event dispatcher how much of a priority boost it should take. This boost is in
addition to the boost provided from the audit daemon. The default is 4. No change is 0.
max_restarts
This is a non-negative number that tells the audit event dispatcher how many times it can try to restart a crashed plugin. The
default is 10.
name_format
This option controls how computer node names are inserted into the audit event stream. It has the following choices: none, hostname,
fqd, numeric, and user. None means that no computer name is inserted into the audit event. hostname is the name returned by the
gethostname syscall. The fqd means that it takes the hostname and resolves it with dns for a fully qualified domain name of that
machine. Numeric is similar to fqd except it resolves the IP address of the machine. User is an admin defined string from the name
option. The default value is none.
name This is the admin defined string that identifies the machine if user is given as the name_format option.
SEE ALSO
audispd(8)
Red Hat Jan 2008 AUDISPD.CONF:(5)