Hey guys,
http://blog.rootshell.be/2011/10/17/use ... witterfeed
Take a look at the article above and please comment: should ASL mandate these changes? I know it's something we can all change by hand, but should it be something that asl -s -f fixes for us?
Cheers,
Nik
Logging source port
- mikeshinn
Re: Logging source port
Good news, ASL already logs the port when it logs an attack. Just look at a typical WAF alert payload in the A header:
[17/Oct/2011:19:58:17 --0400] YWPLWMCoAfkAAA3WvTEAAAAB 192.168.1.250 42359 192.168.1.249 80
In this example, the source IP address is 192.168.1.250 and the source port is 42359.
So, no need to change your Apache configs.
Michael Shinn
Atomicorp - Security For Everyone
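
As an added example (not part of the original posts and not Atomicorp code): a small Python parser for the A header line quoted in the reply above, assuming the six-field layout seen in that line. The function names and the boundary lines in the sample are hypothetical; the parser tolerates the doubled sign in the timestamp's UTC offset.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# A header as shown in the post: [timestamp] unique_id src_ip src_port dst_ip dst_port
A_HEADER = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<uid>\S+)\s+"
    r"(?P<src_ip>\S+)\s+(?P<src_port>\d{1,5})\s+"
    r"(?P<dst_ip>\S+)\s+(?P<dst_port>\d{1,5})$"
)

class AuditHeader(NamedTuple):
    when: datetime
    unique_id: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def parse_a_header(line: str) -> Optional[AuditHeader]:
    """Return the parsed header, or None if the line is not an A header."""
    m = A_HEADER.match(line.strip())
    if not m:
        return None
    # The sample prints the UTC offset with a doubled sign ("--0400");
    # collapse it so strptime's %z accepts it.
    ts = re.sub(r"([+-])[+-](\d{4})$", r"\1\2", m["ts"])
    try:
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    src_port, dst_port = int(m["src_port"]), int(m["dst_port"])
    if max(src_port, dst_port) > 65535:
        return None
    return AuditHeader(when, m["uid"], m["src_ip"], src_port, m["dst_ip"], dst_port)

# Header line quoted in the post; the surrounding lines are constructed.
SAMPLE = """\
--00000000-A--
[17/Oct/2011:19:58:17 --0400] YWPLWMCoAfkAAA3WvTEAAAAB 192.168.1.250 42359 192.168.1.249 80
--00000000-B--
GET / HTTP/1.1
"""

def source_endpoints(text: str):
    """Return (timestamp, src_ip, src_port) for every A header in text."""
    return [(h.when.isoformat(), h.src_ip, h.src_port)
            for h in map(parse_a_header, text.splitlines()) if h]

print(source_endpoints(SAMPLE))
```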