09-18-2010
OpenBSD's PF is a stateful firewall that can act as a proxy for connections. The connection handshake is validated (with the client) instead of just forwarding the packet on to the destination. It is available for other BSDs as well, also known as a synproxy.
What firewall architecture are you currently using?
welf_proxy2dlf
WELF_PROXY2DLF.IN(1) LogReport's Lire Documentation WELF_PROXY2DLF.IN(1)
NAME
welf_proxy2dlf - convert logs in WebTrends Enhanced Log Format to proxy DLF
SYNOPSIS
welf_proxy2dlf file
DESCRIPTION
welf_proxy2dlf converts firewall logs in the WebTrends Enhanced Log Format into the proxy DLF.
That format is defined at the following URL: http://www.netiq.com/partners/technology/welf.asp
This converter also supports the SonicWall extensions.
A list of firewall products that support that format can be found at the following URL: http://www.netiq.com/products/fwr/compatible.asp
EXAMPLES
To process a log as produced by a WebTrends proxy:
$ welf_proxy2dlf < welf-proxy.log
welf_proxy2dlf will rarely be used on its own; it is more likely to be called by lr_log2report:
$ lr_log2report welf_proxy < /var/log/welf-proxy.log
IMPLEMENTATION NOTES
WELF log files contain information about many applications: proxies, packet filters, IDS. IDS and packet filter information is handled by
the firewall superservice, whereas the proxy information is handled by the proxy superservice.
This converter will only convert records with a proto, src and dst field. All other records are ignored (they won't be ignored by the
firewall superservice).
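The record selection described above, as an added Python example (not Lire's own code, which is Perl). It assumes WELF records are space-separated key=value pairs with optionally double-quoted values; the sample lines are constructed, and the function names are hypothetical.

```python
import re

# Fields a record must carry to be treated as a proxy record (per the notes above).
REQUIRED = ("proto", "src", "dst")

# key=value where the value is either "double quoted" or a bare token.
PAIR = re.compile(r'([\w.-]+)=(?:"([^"]*)"|(\S*))')


def parse_welf(line):
    """Parse one WELF line into a dict; malformed fragments are skipped."""
    record = {}
    for m in PAIR.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        record[m.group(1)] = quoted if quoted is not None else bare
    return record


def split_records(lines):
    """Return (proxy_records, other_records).

    A record is a proxy record only if proto, src and dst are all present
    and non-empty; everything else is left for firewall-side processing.
    """
    proxy, other = [], []
    for line in lines:
        rec = parse_welf(line)
        if not rec:
            continue  # blank or unparseable line
        if all(rec.get(field) for field in REQUIRED):
            proxy.append(rec)
        else:
            other.append(rec)
    return proxy, other


# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE = [
    'id=firewall time="2010-09-18 10:00:01" fw=192.0.2.1 pri=6 '
    'proto=http src=198.51.100.7 dst=203.0.113.20 arg=/index.html result=200',
    'id=firewall time="2010-09-18 10:00:02" fw=192.0.2.1 pri=4 '
    'msg="Port scan detected" src=198.51.100.9',
    'id=firewall time="2010-09-18 10:00:03" fw=192.0.2.1 pri=6 '
    'proto=ftp src=198.51.100.7 dst=203.0.113.21 sent=120 rcvd=4096',
]

if __name__ == "__main__":
    proxy, other = split_records(SAMPLE)
    for rec in proxy:
        print("proxy:", rec["proto"], rec["src"], "->", rec["dst"])
    for rec in other:
        print("other:", rec.get("msg", ""), rec.get("src", ""))
```
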
SEE ALSO
Lire::WELF(3) welf2dlf(1)
AUTHORS
Francis J. Lacoste <flacoste@logreport.org>
VERSION
$Id: welf_proxy2dlf.in,v 1.8 2006/07/23 13:16:36 vanbaal Exp $
COPYRIGHT
Copyright (C) 2001 Stichting LogReport Foundation LogReport@LogReport.org
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with
http://www.gnu.org/copyleft/gpl.html.
Lire 2.1.1 2006-07-23 WELF_PROXY2DLF.IN(1)