Logging source port

Posted: Mon Oct 17, 2011 4:03 pm
by npavlidis
Hey guys,

http://blog.rootshell.be/2011/10/17/use ... witterfeed

Take a look at the article above and please comment: should ASL mandate these changes? I know it's something we can all change by hand, but should it be something that asl -s -f fixes for us?

Cheers,

Nik

Re: Logging source port

Posted: Mon Oct 17, 2011 8:00 pm
by mikeshinn
Good news, ASL already logs the port when it logs an attack. Just look at a typical WAF alert payload in the A header:

[17/Oct/2011:19:58:17 --0400] YWPLWMCoAfkAAA3WvTEAAAAB 192.168.1.250 42359 192.168.1.249 80

In this example, the source IP address is 192.168.1.250 and the source port is 42359.

So, no need to change your Apache configs.
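Added example, not part of either post or of ASL itself: a Python sketch that pulls the source IP and source port out of the A header shown in the reply above. It assumes the alerts are stored in ModSecurity's serial audit log layout, where a `--<id>-A--` boundary line precedes the header; the function names and the second sample transaction are constructed for illustration.

```python
import re
from datetime import datetime
# Section boundary of a serial audit log, e.g. "--1a2b3c4d-A--" (assumed layout)
BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
# A header: [timestamp] unique_id src_ip src_port dst_ip dst_port
HEADER = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<uid>\S+)\s+(?P<src_ip>\S+)\s+(?P<src_port>\d+)"
    r"\s+(?P<dst_ip>\S+)\s+(?P<dst_port>\d+)\s*$"
)

def parse_a_header(line):
    """Return the header fields as a dict, or None if the line is malformed."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port"):
        rec[key] = int(rec[key])
        if not 0 <= rec[key] <= 65535:
            return None
    # The sample on this page shows a doubled sign in the offset ("--0400")
    ts = re.sub(r" ([+-])[+-](\d{4})$", r" \1\2", rec["ts"])
    rec["time"] = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return rec

def source_endpoints(log_text):
    """Parse the line that follows every A boundary; skip unparsable headers."""
    lines = log_text.splitlines()
    out = []
    for i, line in enumerate(lines[:-1]):
        b = BOUNDARY.match(line.strip())
        if b and b.group(2) == "A":
            rec = parse_a_header(lines[i + 1])
            if rec:
                rec["txn"] = b.group(1)
                out.append(rec)
    return out

# Constructed sample: first header is the one quoted in the reply, second is made up
SAMPLE = """\
--1a2b3c4d-A--
[17/Oct/2011:19:58:17 --0400] YWPLWMCoAfkAAA3WvTEAAAAB 192.168.1.250 42359 192.168.1.249 80
--1a2b3c4d-B--
GET /index.php HTTP/1.1
--1a2b3c4d-Z--
--5e6f7a8b-A--
[17/Oct/2011:19:58:21 --0400] CONSTRUCTEDuniqueID000002 192.168.1.250 42361 192.168.1.249 80
--5e6f7a8b-Z--
"""
```

The timestamp plus source port pair is what lets an alert be matched against NAT or proxy logs when many clients share one address.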