Want to send an email when a port is used

jmcnulty

Hi everyone,

Unusual request that Google hasn't been able to help with.

I have VMWare running on my Debian box that has XP-Pro as a guest OS. The guest OS will only be connected to through normal Windows remote desktop.

I want to fire myself an email when the RDC client connects (and ideally disconnects), so I was hoping to setup a monitor in Debian that can fire me a mail through mutt or something that mails me when the 3389 port is accessed.

Is this possible or am I looking at it the wrong way?

TIA

Joe

gomer

There are 2 solutions that come to mind right away. First is to have the guest bind RDP to some other port. Then you can write an application that listens on port 3389 that simply pipes the traffic it receives back into the newly bound RDP port and also sends you an email when it receives an RDP connections request, and RDP disconnection request.

The second idea I had was to accomplish what you want w/ IPTABLES. You should be able to write a couple of rules that match the TCP 3 way handshake for the initial RDP connection, and then match both a timeout of an established RDP session or the normal TCP socket tear down process for the RDP session. Then you can use the ULOG target to log the events somewhere and process them however you like.

I also heard that there may be a new TRIGGER target. I don't know exactly what it supports, though. I'm not sure if it an only be used to trigger the creation of a packet, or if it can be used to trigger initiation of a process. If the latter is true, you can skip the ULOG approach and do it that way.

jmcnulty

That gives me enough to start looking again - many thanks for your help!

Joe