Date: Thu, 23 Sep 1999 11:16:03 -0400
From: "Jung, Michael" <mjung@npc.net>
To: "'Chris Shenton'" <cshenton@uucom.com>, "'freebsd-net@FreeBSD.ORG'" <freebsd-net@FreeBSD.ORG>
Cc: "'freebsd-security@FreeBSD.ORG'" <freebsd-security@FreeBSD.ORG>
Subject: RE: Inetd -l: log *all* connection attempts (not just valid svcs)
Message-ID: <c=US%a=_%p=Financial_Allian%l=EXCHANGE-990923151603Z-13879@exchange.finall.com>

sysctl -w net.inet.udp.log_in_vain=1
sysctl -w net.inet.tcp.log_in_vain=1

will give you

(root@charon) /home/mikej/mount$grep Connection /var/log/debug
Sep 23 11:00:26 charon /kernel: Connection attempt to UDP 127.0.0.1:4456 from 127.0.0.1:53
Sep 23 11:00:53 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:00:57 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:01:58 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:02:03 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:03:04 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:03:08 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:03:20 charon /kernel: Connection attempt to UDP 127.0.0.1:137 from 127.0.0.1:4250
Sep 23 11:04:14 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:04:16 charon /kernel: Connection attempt to UDP 127.0.0.1:137 from 127.0.0.1:2554
Sep 23 11:04:19 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:05:19 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:05:25 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:06:23 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:06:23 charon /kernel: Connection attempt to UDP 127.0.0.1:137 from 127.0.0.1:4561
Sep 23 11:06:27 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:07:28 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063

--mikej

>-----Original Message-----
>From: Chris Shenton [SMTP:cshenton@uucom.com]
>Sent: Thursday, September 23, 1999 11:04 AM
>To: freebsd-net@FreeBSD.ORG
>Cc: freebsd-security@FreeBSD.ORG
>Subject: Inetd -l: log *all* connection attempts (not just valid svcs)
>
>FreeBSD-3.2 inetd has a "-l" flag which logs all attempts:
>
>    If the -l option is specified, all connection attempts are logged,
>    whether they are allowed, denied or not wrapped at all. Otherwise, only
>    denied requests will be logged.
>
>but I gather it only logs attempts for ports which inetd.conf has
>configured for services.
>
>I'd like a way to log *all* network connection attempts, especially
>attempts to services which aren't defined. This would allow me to spot
>people scanning my host (where only a few services are enabled).
>
>Perhaps inetd isn't the right place to do this since it has no
>awareness of other services which might be running (e.g., httpd on
>port 80). Is this true? Or can inetd be bound to all unused ports to
>log attempts?
>
>If not I suppose the logical conclusion would be to run ipfw or
>ipfil... certainly doable, but not as trivial for users to enable as
>turning on an inetd flag. Suggestions?
>
>Thanks.
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
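
Added example, not part of the original message: a shell function that groups log_in_vain lines like the ones above by source address and counts distinct closed ports, so a poller retrying one port (10.0.158.28 to UDP 161) is told apart from a host walking many ports. The 192.0.2.77 lines, the threshold of 5 and the TCP line layout (assumed to match the UDP lines shown) are constructed for illustration.

```sh
#!/bin/sh
# Added example: per-source summary of log_in_vain kernel messages.
# Output columns: source attempts distinct_closed_ports verdict
# The threshold (default 5 distinct ports) is an assumed value, tune it locally.
in_vain_summary() {
    threshold="${1:-5}"
    awk -v threshold="$threshold" '
    {
        # Locate "Connection attempt to PROTO dst:port from src:port" anywhere
        # in the line, so syslog prefixes and trailing fields do not matter.
        for (i = 1; i <= NF - 6; i++) {
            if ($i == "Connection" && $(i+1) == "attempt" &&
                $(i+2) == "to" && $(i+5) == "from") {
                proto = $(i+3); dst = $(i+4); src = $(i+6)
                sub(/:[0-9]+$/, "", src)        # drop the source port
                n = split(dst, d, ":")          # last piece is the dest port
                attempts[src]++
                key = src SUBSEP proto "/" d[n]
                if (!(key in seen)) { seen[key] = 1; ports[src]++ }
                break
            }
        }
    }
    END {
        for (s in attempts)
            printf "%s %d %d %s\n", s, attempts[s], ports[s],
                   (ports[s] >= threshold ? "SCAN?" : "ok")
    }' | sort
}

# Sample input: the first four lines are from the message above, the
# 192.0.2.77 lines are constructed.
sample_log() {
    cat <<'EOF'
Sep 23 11:00:26 charon /kernel: Connection attempt to UDP 127.0.0.1:4456 from 127.0.0.1:53
Sep 23 11:00:53 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:00:57 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:01:58 charon /kernel: Connection attempt to UDP 10.0.158.10:161 from 10.0.158.28:1063
Sep 23 11:09:01 charon /kernel: Connection attempt to TCP 10.0.158.10:21 from 192.0.2.77:40001
Sep 23 11:09:01 charon /kernel: Connection attempt to TCP 10.0.158.10:22 from 192.0.2.77:40002
Sep 23 11:09:01 charon /kernel: Connection attempt to TCP 10.0.158.10:23 from 192.0.2.77:40003
Sep 23 11:09:02 charon /kernel: Connection attempt to TCP 10.0.158.10:25 from 192.0.2.77:40004
Sep 23 11:09:02 charon /kernel: Connection attempt to TCP 10.0.158.10:80 from 192.0.2.77:40005
Sep 23 11:09:02 charon /kernel: Connection attempt to UDP 10.0.158.10:111 from 192.0.2.77:40006
EOF
}

sample_log | in_vain_summary 5
```

On a live host, feed it the file the message greps: in_vain_summary 5 < /var/log/debug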