From: Justin Pryzby <justinpryzby@users.sourceforge.net>
To: netfilter@lists.netfilter.org
Subject: [ANNOUNCE] Protowatch userspace monitoring for anomalous packets
Date: Thu, 22 May 2003 14:50:16 -0400
Message-ID: <20030522185016.GA27208@andromeda>

See [http://www.sf.net/projects/protowatch/].  I thought this list might
be interested in my use of userland QUEUEing, though such use was
probably not intended by the author of the QUEUE target!

A section from the README file is included.

The interesting lines of code are:

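	/* have the listener ready before the queued packet is released */
	listen(sock, 1);
	/* hand the queued packet back to the kernel with an ACCEPT verdict */
	ipq_set_verdict(h, msg->packet_id, NF_ACCEPT, 0, 0);
	/* take the connection that the released packet opens */
	client = accept(sock, (struct sockaddr *) &addr, &len);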

Please Cc: me in all replies, I am not subscribed.

Justin Pryzby

From the README:

Protowatch is a userspace extension to Linux's 2.4 iptables firewalling
code.  It is intended to watch all unanticipated traffic which reaches a
machine.  `iptables -t filter -A INPUT -j QUEUE` will effectively create
a new 'policy' sending all previously-unhandled packets to userspace.
Userspace will dynamically start a server to accept the packet, and log
whatever the client sends.  Useful for discovering what protocols are in use.

Protowatch is intended to allow for easy identification of protocols;
previously, to identify a Gnutella-type connection, the author had to
modify his firewall script to accept connections to TCP:6346, then
manually run a netcat listener.  Protowatch automates this process.
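
An added example, not taken from Protowatch: before the listen/verdict/accept sequence above can run, the daemon has to learn from the queued packet which port to listen on. The sketch below assumes the queued payload begins at the IPv4 header; `syn_dest_port` and the sample packet are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Return the TCP destination port of an initial SYN carried in an IPv4
 * packet, or 0 when the buffer is truncated, not IPv4/TCP, a non-first
 * fragment, or not a bare SYN. Checksums are not verified here. */
uint16_t syn_dest_port(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;                               /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* header length in bytes */
    if (ihl < 20 || len < ihl + 20)
        return 0;                               /* bad IHL or no room for TCP */
    if (pkt[9] != 6)
        return 0;                               /* protocol is not TCP */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0)
        return 0;                               /* later fragment: no TCP header */
    const uint8_t *tcp = pkt + ihl;
    /* FIN=0x01 SYN=0x02 RST=0x04 ACK=0x10: want SYN alone */
    if ((tcp[13] & 0x17) != 0x02)
        return 0;
    return (uint16_t)((tcp[2] << 8) | tcp[3]);
}

/* Constructed sample: 192.0.2.10:49152 -> 192.0.2.1:6346, SYN only,
 * checksums left as zero. */
static const uint8_t sample_syn[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    192, 0, 2, 10, 192, 0, 2, 1,
    0xc0, 0x00, 0x18, 0xca,                     /* source and destination port */
    0, 0, 0, 1, 0, 0, 0, 0,                     /* sequence, acknowledgement */
    0x50, 0x02, 0xff, 0xff, 0, 0, 0, 0          /* offset, flags, window, ... */
};

int main(void)
{
    printf("listen on TCP port %u\n",
           (unsigned)syn_dest_port(sample_syn, sizeof sample_syn));
    return 0;
}
```

A return value of 0 means the packet should not trigger a listener; the caller still has to issue a verdict for it so it does not stay queued.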

