samuraictf / gatekeeper

GATEKEEPER: Inline and on-target defense

netcat listener for logserver does not work with restart #28

Open bool101 opened 9 years ago

bool101 commented 9 years ago

Unsure why this is the case; netcat sits in a poll syscall and never returns. tcpdump shows data being sent. We may want to write our own listener that only does recvfrom() in a loop.

r3v-evilmegacorp commented 9 years ago

Why not use a standard like syslog for this??

r3v-evilmegacorp commented 9 years ago

Or is this the payload dumping stuff you are referring to?

zxkevn commented 9 years ago

I feel like this is going to tie into #12, which kind of sits in limbo as far as my understanding goes. I think I remember the decision being made that we'll do pcap on the game vm, so where do we want the logserver to sit? Do we want to use Log() to dump traffic on a pcre hit, or will we just comb the pcap for the offending traffic?

zachriggle commented 9 years ago

Ping

zxkevn commented 9 years ago

Made commit https://github.com/samuraictf/gatekeeper/commit/2ef681578873457e1edb6592b3574f71f65d3454 until we come up with something else (maybe something that logs to grep'able files as well would be nice?)
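The recvfrom()-loop listener bool101 proposes, writing the grep'able one-line-per-datagram log zxkevn asks for. This is an added example, not gatekeeper's own code; the default port 5140, the log file name and the record format are assumptions.

```python
import io
import socket
import sys
import time
from typing import Optional, Tuple

# Assumed default port; gatekeeper's real logserver port is not given in the thread.
DEFAULT_PORT = 5140


def make_listener(host: str = "0.0.0.0", port: int = DEFAULT_PORT) -> socket.socket:
    """Bind a UDP socket. SO_REUSEADDR lets a restarted listener rebind immediately."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    return sock


def escape_payload(data: bytes) -> str:
    """Keep printable ASCII, escape everything else as \\xNN so a record never
    spans lines and a stray newline or NUL in traffic cannot break grep."""
    out = []
    for b in data:
        if b == 0x5C:                 # backslash, so \x escapes stay unambiguous
            out.append("\\\\")
        elif 0x20 <= b <= 0x7E:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)


def format_record(addr: Tuple[str, int], data: bytes, ts: Optional[float] = None) -> str:
    """One log line: UTC timestamp, source ip:port, length, escaped payload."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S", time.gmtime(time.time() if ts is None else ts))
    return "%sZ src=%s:%d len=%d %s" % (stamp, addr[0], addr[1], len(data), escape_payload(data))


def serve(sock: socket.socket, out: io.TextIOBase, max_messages: Optional[int] = None) -> int:
    """Plain recvfrom() loop; returns the number of datagrams logged. A socket
    timeout (if one is set) ends the loop so a supervisor can restart cleanly."""
    count = 0
    while max_messages is None or count < max_messages:
        try:
            data, addr = sock.recvfrom(65535)
        except socket.timeout:
            break
        out.write(format_record(addr, data) + "\n")
        out.flush()                   # keep the file grep'able while still running
        count += 1
    return count


if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else DEFAULT_PORT
    with open("gatekeeper-udp.log", "a") as fh:   # assumed log file name
        serve(make_listener(port=port), fh)
```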