ipchains blocks from SOCK_RAW?

tack@sault.org
Mon, 14 Sep 1998 20:45:54 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David S. Miller: "Re: tulip driver in 2.1.11* - 2.1.21 is broken - new driver"
Previous message: Benjamin Redelings I: "[2.1.122-pre3] Works fine, on a UP PPRo with SB16, IDE, NE2000"
Next in thread: Cezary Sliwa: "Re: Minor PTRACE security bug"
Reply: Cezary Sliwa: "Re: Minor PTRACE security bug"
Maybe reply: Paul Rusty Russell: "Re: ipchains blocks from SOCK_RAW?"
Reply: Chris Evans: "Re: Minor PTRACE security bug"

I've noticed that, using ipchains (kernel 2.1.115), packet sniffers are unable
to see packets which are blocked by the firewall. As I recall, ipfwadm didn't
behave in this way. What I want to do is this: I have the firewall block
certain packets, but I would like to analyse these packets to see if they are
in fact malicious in nature. Is this possible?

Jason Tackaberry,
tack@sault.org

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: David S. Miller: "Re: tulip driver in 2.1.11* - 2.1.21 is broken - new driver"
Previous message: Benjamin Redelings I: "[2.1.122-pre3] Works fine, on a UP PPRo with SB16, IDE, NE2000"
Next in thread: Cezary Sliwa: "Re: Minor PTRACE security bug"
Reply: Cezary Sliwa: "Re: Minor PTRACE security bug"
Maybe reply: Paul Rusty Russell: "Re: ipchains blocks from SOCK_RAW?"
Reply: Chris Evans: "Re: Minor PTRACE security bug"