[prev in list] [next in list] [prev in thread] [next in thread]
List: fwknop-discuss
Subject: Re: [Fwknop-discuss] ad-hoc syslogging via SPA
From: fwm () nym ! hush ! com
Date: 2011-09-22 10:21:34
Message-ID: 20110922102134.EBBEDE671D () smtp ! hushmail ! com
[Download RAW message or body]
>
>Interesting idea. When you say that you used the cmd mode, did
>you
>somehow encode the syslog data itself within an SPA packet so that
>it
>was encrypted en-route? Or was the SPA packet sent in order to
>open
>up a syslog listener through an otherwise default drop packet
>filter,
>and then the syslog data followed?
It was the former: I was sending syslog messages to a FIFO pipe and
then trying to grab lines from that into something like the --
Server-cmd parameter. Sending messages in --Server-cmd resulted in
them logged at the other end, even though they weren't legitimate
commands.
--
mart
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic