Date:      Mon, 12 Feb 2001 07:40:36 -0800
From:      "DINKEY,GENE (HP-Loveland,ex1)" <gene_dinkey@hp.com>
To:        "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject:   Logging IP address for all connections
Message-ID:  <F341E03C8ED6D311805E00902761278C531578@xfc04.fc.hp.com>

I'm running FreeBSD 3.4-RELEASE and have recently been under attack by what
appears to be a bored script kiddie.  The attacks have come from several
different locations (for some reason they keep trying to log on via anon
FTP).  I've been port scanned twice in a week (unfortunately all I get in
messages is the ICMP bandwidth limit messages).

I would like to be able to log the IP address and port number of every IP
address that connects to the machine from my external interface.  If
possible I would like to also be able to log that to a separate file instead
of to messages to prevent clutter.

I've searched the archives and looked at ipfw(8), syslogd(8), and
syslog.conf(5).  It's all very confusing and a little help understanding
what I need to do would be appreciated.

The system has 2 NICs and runs natd; it's a gateway for my cable modem.  I
only need to log on the NIC that's exposed to the world.

Thank you in advance

Gene Dinkey


