Hosts that report down but aren't
Rico Gloeckner
rico at noris.net
Mon Nov 11 09:37:51 CET 2002
On Fri, Nov 08, 2002 at 11:09:55AM -0600, Carroll, Jim P [Contractor] wrote:
> I guess this would depend on how strict the firewall is. If you take the
> case where everything's been turned off, but SSH and HTTP have been
> explicitly permitted (the "that which is not expressly permitted is
> prohibited" school of thought), then you'll have to work with what you're
> given. Which brings us full circle back to SSH. ;)
Use the check_raw plugin and let it act like nmap does in -sS mode (thus
requiring the plugin to be suid root):
- The Nagios host sends a SYN packet to the box, port 22
- The Nagios host receives either SYN/ACK or RST (port open/closed)
- check_raw knows the host is up and sends a RST in the former case.
- Or the plugin times out and the host is assumed to be down.
This can be done with any non-filtered TCP port, but requires you to
know a TCP port which is not filtered for a long time, so you can
actually rely on it.
-rg
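
The decision logic described in the message above (SYN/ACK or RST means up, timeout means down), as an added example that is not part of the original post and not check_raw's code. It swaps the raw SYN probe for an ordinary connect(), so it needs no suid root but completes the handshake on an open port instead of resetting it; the script name and the function name probe_host are hypothetical.

```python
#!/usr/bin/env python3
"""Nagios-style host check: any TCP answer from the port means the host is up."""
import socket
import sys

OK, CRITICAL, UNKNOWN = 0, 2, 3  # standard Nagios plugin exit codes


def probe_host(host, port, timeout=5.0):
    """Try one TCP connect and return (exit_code, message)."""
    try:
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return UNKNOWN, "cannot resolve %s: %s" % (host, exc)
    addr = info[0][4]
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            # Handshake completed: the peer answered our SYN with SYN/ACK.
            return OK, "port %d open (SYN/ACK received)" % port
        except ConnectionRefusedError:
            # The peer answered with RST: nothing listens, but the host is alive.
            return OK, "port %d closed (RST received)" % port
        except socket.timeout:
            # No answer at all: the port is filtered or the host is down.
            return CRITICAL, "no TCP reply within %.1fs" % timeout
        except OSError as exc:
            # e.g. EHOSTUNREACH / ENETUNREACH reported by a router or local stack.
            return CRITICAL, "no TCP reply (%s)" % exc


if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("usage: check_tcp_alive.py HOST PORT")
        sys.exit(UNKNOWN)
    code, msg = probe_host(sys.argv[1], int(sys.argv[2]))
    state = {OK: "UP", CRITICAL: "DOWN"}.get(code, "UNKNOWN")
    print("HOST %s - %s" % (state, msg))
    sys.exit(code)
```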