Query: TCP/IP security logging capabilities
I am reasonably new to the Linux networking.
I am just wondering if the Linux networking stack records various attacks on the TCP/IP stack by itself. Does it log errors, for example corrupt TCP segments resulting from setting multiple TCP flags (setting both SYN and RST, etc.)? And where would such error/failed-attempt log files be stored? (Ubuntu user)
I am trying to figure out if various errors that arise within the TCP/IP stack could somehow be used as guidance when designing, for example, firewall rules.
Consider if an offending IP address is launching a DoS attack, for example a FIN-WAIT-2 flood attack: can the server have its TCP/IP stack log this?
If this is the case, then I can use various constraint reasoners and other nuts and bolts to automatically infer a set of dynamic firewall rules to mitigate/reduce attacks.
I understand that iptables can protect the network by implementing various best practices, but I am keen to know more about the logging facilities that the server's TCP/IP stack can perform on its own. After all, it's doing deep packet inspection (using this term loosely) as it decouples the packet, so I presume it has the mechanics to record failed attempts and so forth.
Looking forward to your comments. I am still just getting my teeth into the issue.
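As an added illustration (not part of the original post): the Linux stack does not write per-packet log lines for malformed segments, but it does keep per-protocol counters in `/proc/net/snmp` (the same data `netstat -s` prints), including `InErrs`, `InCsumErrors`, `AttemptFails` and `OutRsts`. The script below parses that table from two snapshots and reports how much each TCP error counter grew, which is the kind of signal a rule-inference tool could consume; the two snapshots are constructed sample data, and the threshold is an assumed value.

```python
# Parse the /proc/net/snmp counter table (pairs of "Proto: names" / "Proto: values"
# lines) and compute the growth of TCP error counters between two snapshots.
# Added example, not code from the original post. SAMPLE_BEFORE/SAMPLE_AFTER are
# constructed, not captured from a real host.

TCP_ERROR_COUNTERS = ("AttemptFails", "InErrs", "OutRsts", "InCsumErrors")

SAMPLE_BEFORE = """\
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp: 1 200 120000 -1 120 340 7 3 12 50000 48000 20 2 15 0
"""

SAMPLE_AFTER = """\
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp: 1 200 120000 -1 1020 1240 907 3 12 90000 88000 40 2 1215 45
"""


def parse_snmp(text):
    """Return {proto: {counter_name: int}} from /proc/net/snmp-style text."""
    tables = {}
    lines = [ln for ln in text.splitlines() if ln.strip()]
    for header, values in zip(lines[0::2], lines[1::2]):
        proto, names = header.split(":", 1)
        proto_v, vals = values.split(":", 1)
        if proto != proto_v:  # header and value rows must belong to the same protocol
            raise ValueError("mismatched rows for %s / %s" % (proto, proto_v))
        tables[proto.strip()] = dict(zip(names.split(), map(int, vals.split())))
    return tables


def tcp_error_delta(before, after, counters=TCP_ERROR_COUNTERS):
    """Growth of each TCP error counter between two snapshots (missing ones skipped)."""
    b, a = parse_snmp(before)["Tcp"], parse_snmp(after)["Tcp"]
    return {c: a[c] - b[c] for c in counters if c in a and c in b}


def flag_counters(delta, threshold=100):
    """Names of counters whose growth exceeds an assumed per-interval threshold."""
    return sorted(name for name, growth in delta.items() if growth > threshold)


def read_live(path="/proc/net/snmp"):
    """Read the real table on a Linux host (take two reads some seconds apart)."""
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    d = tcp_error_delta(SAMPLE_BEFORE, SAMPLE_AFTER)
    print(d, flag_counters(d))
```

The counters are cumulative since boot, so only the difference between two reads over a fixed interval is meaningful; pairing `OutRsts` growth with `AttemptFails` growth is a better indicator than either alone.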