Home page logo

basics logo Security Basics mailing list archives

Re: iptables log analysis tools
From: Yvan Laverdiere <laverdiy () videotron ca>
Date: Mon, 24 Feb 2003 14:22:33 -0500


Have a look at this page :


Hope this helps...


----- Original Message -----
From: "Skip Morrow" <skip () pelorus org>
To: "Security-Basics" <security-basics () securityfocus com>
Sent: Sunday, February 23, 2003 12:26 PM
Subject: iptables log analysis tools

ACID is great for analyzing snort logs.  Are there any good software
packages with that kind of power and flexibility for iptables logs?
I think one place to start would be to find a way to have iptables
log to a mysql database (like snort does).
Skip Morrow, skip () pelorus org on 02/23/2003

From alias () securityfocus com Mon Feb 24 14:10:16 2003
X-Apparently-To: yladude () yahoo com via; 24 Feb 2003
11:08:55 -0800 (PST)
Return-Path: <bugtraq-return-8426-yladude=hoo.com () securityfocus com>
Received: from  (EHLO outgoing.securityfocus.com)
Received: from lists.securityfocus.com (lists.securityfocus.com
Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq () securityfocus com>
List-Help: <mailto:bugtraq-help () securityfocus com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
Delivered-To: mailing list bugtraq () securityfocus com
Delivered-To: moderator for bugtraq () securityfocus com
Received: (qmail 20005 invoked from network); 23 Feb 2003 17:39:53 -0000
Date: 23 Feb 2003 17:42:43 -0000
Message-ID: <20030223174243.21642.qmail () mail securityfocus com>
From: alias () securityfocus com
Subject: Re[2]: PHPNuke SQL Injection / General SQL Injection
Content-Length: 727


In response to your mail of Saturday 22 February 2003 at 21:20:29:

M> Actually, user supplied input from $_COOKIES, $_POST, and $_GET
M> comes slash-escaped, so if the user enters
M> ' or 1=
M> as their input, the sql statement will look like
M> where some_int=' or 1=
M>       [..snip..]
M> function escape($input){
M>     if (get_magic_quotes_gpc()) return $input;
M>     return addslashes($input);
M> }
M>       [..snip..]

Better still, always do this:

        ...WHERE id =. intval($userinput) ." AND...

which doesn't rely on local configuration, magicquotes etc., and
resolves to (e.g.) "id =" when the $userinput is bad or missing.

Safe, simple, portable and effective.

Best regards,

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]