[ossec-list] Whitelist - Reverse Lookups
- To: ossec-list@xxxxxxxxx
- Subject: [ossec-list] Whitelist - Reverse Lookups
- From: "Shohn Trojacek" <trojacek@xxxxxxxxx>
- Date: Wed, 10 Oct 2007 17:36:46 -0500
Okay, I had set up a rule to shun systems scanning my system by keying in on the firewall DENY messages. Works great for the most part; however, for some reason when I go to use Google Maps, they like to try to connect to a couple of ports that will not be open. This generates a DENY from the firewall, and then Google Earth is shunned. I presume they are expecting some sort of agent on the client side, perhaps for local caching of the image data or something.
Is there a way to make the white list work by doing a lookup and whitelisting based on domain name as opposed to just network or IP address?
If the answer is no, which I believe it is, how about an alternative suggestion - could I create some sort of white list based on the port the remote system is attempting to connect to? Any ideas where to start with this, please?
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.