this is release v1.8 of iplog -- tcp, udp, and icmp logging utilities for Linux.

    Make sure you edit config.h!

    Read the whole README and Changelog before you ask questions!

tcplog  it was originally a hack of Mike Edulla's iplogger, but it hardly
        resembles it now.  it has a lot more features..  edit config.h for more
        adjustability.  this tcplog also detects several port-scanning methods
        that are meant to be stealthy but *can* be detected.

        it performs remote identd lookups but, as this iplog always has, does
        not attempt to fetch the username if the local port is not listening,
        since that would always return NO-USER.

        this version uses dns caching to make life easier on a slow connection
        or with a dumb nameserver.  these caches expire after 30 minutes of
        use.

        now uses a portscan detector, as of v1.4, to avoid logging too much of
        a portscan.  can't have idiots using it as a DoS.

        NOTE: I refuse to ignore syn floods.  this would not be a useful feature
        but a very easy way to defeat the purpose of logging tcp.


udplog  at the time this was originally concocted, no other udplogs were around
        (bleh) but now there are, and i think they suck.  the biggest problem
        i saw was that they ignored everything from src port 53.. this udplog
        reads the valid nameservers from /etc/resolv.conf and ignores datagrams
        from src port 53 of these addresses. it also will log uses of
        traceroute(1) if a packet's sport/dport appear to be in range.
        (ftp.ee.lbl.gov/traceroute.tar.Z)
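        the udplog rule above, as an added example in C that is not iplog's own
        code: it embeds a constructed resolv.conf, and the traceroute port range
        (33434 upward) is assumed from the classic traceroute default.

```c
/* Added example (not iplog's own code): udplog's filtering rule as the README
 * describes it. A src-port-53 datagram is ignored only if it comes from a
 * nameserver listed in resolv.conf; any other port-53 source is still logged. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_NS 3           /* resolv.conf honours at most three nameservers */
#define TR_PORT_LO 33434   /* assumption: classic traceroute default base port */
#define TR_PORT_HI 33534   /* ...plus ~100 hops; real range depends on options */
enum udp_verdict { UDP_LOG = 0, UDP_IGNORE_DNS = 1, UDP_LOG_TRACEROUTE = 2 };

/* Constructed sample of /etc/resolv.conf, embedded so the example runs offline. */
static const char sample_resolv_conf[] =
    "# constructed sample\nsearch example.net\n"
    "nameserver 10.0.0.53\nnameserver   192.0.2.1\noptions rotate\n";

/* Parse "nameserver A.B.C.D" lines into ns[] (network byte order); return count. */
int load_nameservers(const char *conf, uint32_t ns[], int max)
{
    int n = 0;
    for (const char *p = conf; p && *p && n < max; ) {
        char addr[64];
        struct in_addr a;
        if (sscanf(p, "nameserver %63s", addr) == 1 && inet_pton(AF_INET, addr, &a) == 1)
            ns[n++] = a.s_addr;
        p = strchr(p, '\n');           /* advance to the next line, NULL at end */
        if (p) p++;
    }
    return n;
}

/* Decide what to do with one UDP datagram; saddr is in network byte order. */
enum udp_verdict classify_udp(uint32_t saddr, uint16_t sport, uint16_t dport,
                              const uint32_t ns[], int nns)
{
    if (sport == 53)
        for (int i = 0; i < nns; i++)
            if (ns[i] == saddr) return UDP_IGNORE_DNS;   /* reply from our resolver */
    if (dport >= TR_PORT_LO && dport <= TR_PORT_HI) return UDP_LOG_TRACEROUTE;
    return UDP_LOG;
}

/* Convenience wrapper: classify one datagram against the constructed resolv.conf. */
int sample_verdict(const char *src_ip, unsigned sport, unsigned dport)
{
    uint32_t ns[MAX_NS];
    int n = load_nameservers(sample_resolv_conf, ns, MAX_NS);
    return classify_udp(inet_addr(src_ip), (uint16_t)sport, (uint16_t)dport, ns, n);
}
```

        note that a port-53 datagram from an address not in resolv.conf is still
        logged, which is exactly the case the other udplogs dropped.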

icmplog this is much more informative than most of the icmplogs i've seen, but
        i don't want to go into writing anything more into it.  if you need to
        know what every damn icmp packet coming to your ip means, you should
        just type 'tcpdump -vv icmp'. (ftp.ee.lbl.gov/tcpdump.tar.Z)

        as of v1.3 it also protects against smurf attacks filling the entire
        system log file and is more informative in a "what the hell does that
        mean" sense.

thanks to everyone who helped me fix the bugs in v1.1 and fix it for
various distributions.

thanks to Odin for lots of help and stuff.  make sure to get his excellent
program (OJNK identd) at http://www.ojnk.org/~odin/oidentd-1.6.1.tar.gz
Go forth and use it; do not be lame, lest the good name of OJNK be tarnished.

thanks also to the guy who registered "ojnk.com" and "behe.com", and is now
trying to sell them for $2,000 apiece; both were registered one day after my
first post to freshmeat.net (Coincidence? Yeah, sure).  Way to go, you sleazy
domain name hoarder (Idomain) and all the other companies like you  :)

if you have actual problems (not how to compile it, etc) or have ideas for more
functionality, mail me at eric@ojnk.org                http://www.ojnk.org/~eric
