Re: Packets missing state ?


 



On Wed 24/12/2003 at 05:12, Vinayakam Murugan wrote:
> How can I uniquely identify such packets so that I don't log them and just
> drop them? Is this possible? 

Yes you can. Just remove the logging rule.

> My primary objective is to log suspicious packets only. Any pointers on how I 
> can do that?

The thing with suspicious packets is they're only suspicious... That
means you cannot be sure that they're really malicious, so you can't
drop them. Practically, you'll get far more false positives than real
badly crafted packets.
You can spot what you feel suspicious, but afterwards, you'll have to
analyse your logs in order to see if they're malicious or not. In your
case, they don't seem to be (to me).

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread! 


