From: Jeff Jirsa
Date: Sun, 4 May 2003 22:07:43 -0700 (PDT)
To: admin
Cc: freebsd-questions@freebsd.org
Subject: Re: port scanning detection
In-Reply-To: <20030505044937.M68945@enabled.com>
Message-ID: <20030504220634.E31050-100000@boris.st.hmc.edu>

On Sun, 4 May 2003, admin wrote:

> Hey,
>
> Is there a good Program out there that can assist me with identifying when I
> am getting portscanned and possible origination?

If you're running a firewall, set the firewall to log connection attempts
to ports not in use.

If you're not running a firewall, run the command:

    sysctl net.inet.tcp.log_in_vain=1

When you're port scanned, you'll see the connection attempts in
`dmesg -a` and on the console.

- Jeff
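
An added example, not part of the message above: a small sh/awk filter that reads log_in_vain messages and reports each source address with the number of distinct closed ports it tried, which separates a scan from a single stray connection. The message format, the sample lines (constructed, using documentation addresses), the function names and the threshold are assumptions; UDP lines only appear if net.inet.udp.log_in_vain is also set.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumed kernel message format (IPv4):
#   Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40112

# find_scanners MIN: read log text on stdin and print
# "source distinct_ports attempts" for every source that tried at least
# MIN distinct closed ports. MIN is a hypothetical threshold (default 5).
find_scanners() {
    awk -v min="${1:-5}" '
    /Connection attempt to (TCP|UDP) / {
        # Find the message by keyword so a syslog prefix does not shift fields.
        for (i = 1; i + 6 <= NF; i++)
            if ($i == "Connection" && $(i + 1) == "attempt") break
        if (i + 6 > NF) next
        proto = $(i + 3); dst = $(i + 4); src = $(i + 6)
        n = split(dst, part, ":"); dport = part[n]   # destination port
        sub(/:[0-9]+$/, "", src)                      # drop the source port
        hits[src]++
        key = src SUBSEP proto "/" dport
        if (!(key in seen)) { seen[key] = 1; ports[src]++ }
    }
    END {
        for (s in ports)
            if (ports[s] >= min) printf "%s %d %d\n", s, ports[s], hits[s]
    }' | sort -k2,2nr -k1,1
}

# Constructed sample input: one source sweeping six TCP ports (one of them
# twice), one source repeating a single UDP port, and an unrelated line.
sample_log() {
    cat <<'EOF'
May  4 22:01:10 host kernel: Connection attempt to TCP 192.0.2.10:21 from 198.51.100.7:40100
May  4 22:01:10 host kernel: Connection attempt to TCP 192.0.2.10:22 from 198.51.100.7:40101
Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40102
Connection attempt to TCP 192.0.2.10:25 from 198.51.100.7:40103
Connection attempt to TCP 192.0.2.10:80 from 198.51.100.7:40104
Connection attempt to TCP 192.0.2.10:110 from 198.51.100.7:40105
Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40106
em0: link state changed to UP
Connection attempt to UDP 192.0.2.10:137 from 203.0.113.9:137
Connection attempt to UDP 192.0.2.10:137 from 203.0.113.9:137
Connection attempt to UDP 192.0.2.10:137 from 203.0.113.9:137
EOF
}

# On a live host: dmesg -a | find_scanners 5
sample_log | find_scanners 5
```
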