Hosts that report down but aren't

Rico Gloeckner rico at noris.net
Mon Nov 11 09:37:51 CET 2002


On Fri, Nov 08, 2002 at 11:09:55AM -0600, Carroll, Jim P [Contractor] wrote:
> I guess this would depend on how strict the firewall is.  If you take the
> case where everything's been turned off, but SSH and HTTP have been
> explicitly permitted (the "that which is not expressly permitted is
> prohibited" school of thought), then you'll have to work with what you're
> given.  Which brings us full circle back to SSH.  ;)

Use the check_raw plugin and let it act like nmap does in -sS mode (thus
requiring the plugin to be suid root):

 - NagiosHost sends a SYN packet to Box, port 22
 - NagiosHost receives either SYN,ACK or RST (port open/closed)
 - check_raw knows the host is up and sends a RST in the former case.
 - or: the plugin times out, and the host is assumed to be down.

This can be done with any non-filtered TCP port, but requires you to
know a TCP port which is not filtered for a long time, so you can
actually rely on it.


	-rg
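
The reply handling described in the message above, as an added example that is not part of the original post and is not check_raw's own code: it classifies the TCP header received in answer to a SYN probe and maps it to a Nagios exit code. The function names, sample ports and sequence numbers are assumptions, and sending and capturing the raw packets (the part that needs root) is left out.

```python
import struct

# Nagios plugin exit codes
OK, CRITICAL, UNKNOWN = 0, 2, 3
# TCP flag bits
SYN, RST, ACK = 0x02, 0x04, 0x10

def tcp_header(sport, dport, seq, ack, flags):
    """Build a 20-byte TCP header (constructed sample input, checksum left 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 1024, 0, 0)

def classify_reply(segment, probe_sport, probe_dport, probe_seq):
    """Return (exit_code, status_text, send_rst) for the reply to a SYN probe.

    segment is the reply's raw TCP header, or None when the probe timed out.
    """
    if segment is None:
        return CRITICAL, "DOWN - no reply before timeout", False
    if len(segment) < 20:
        return UNKNOWN, "UNKNOWN - truncated TCP header", False
    sport, dport, _seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    flags = off_flags & 0x3F
    # The reply must come from the probed port back to our source port.
    if (sport, dport) != (probe_dport, probe_sport):
        return UNKNOWN, "UNKNOWN - segment is not a reply to the probe", False
    # A SYN consumes one sequence number, so a genuine reply acks probe_seq + 1.
    if (flags & ACK) and ack != ((probe_seq + 1) & 0xFFFFFFFF):
        return UNKNOWN, "UNKNOWN - ack number does not match the probe", False
    if flags & RST:
        return OK, "UP - port closed (RST)", False
    if (flags & (SYN | ACK)) == (SYN | ACK):
        # Port open: the prober answers with RST so no half-open connection remains.
        return OK, "UP - port open (SYN,ACK)", True
    return UNKNOWN, "UNKNOWN - unexpected TCP flags", False

if __name__ == "__main__":
    sport, seq = 40000, 0x1000  # constructed probe parameters
    samples = [
        tcp_header(22, sport, 0x9999, seq + 1, SYN | ACK),  # port open
        tcp_header(22, sport, 0, seq + 1, RST | ACK),       # port closed
        None,                                               # timeout
    ]
    for s in samples:
        print(classify_reply(s, sport, 22, seq))
```

Checking the acknowledgment number and the port pair keeps an unrelated segment arriving on the raw socket from being counted as proof that the host is up.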

