From owner-freebsd-questions Mon Feb 12 7:53:10 2001
From: "David Daugherty"
To: "DINKEY,GENE (HP-Loveland,ex1)"
Subject: RE: Logging IP address for all connections
Date: Mon, 12 Feb 2001 07:49:39 -0800
Sender: owner-freebsd-questions@FreeBSD.ORG

Take a look at portsentry.

/usr/ports/security/portsentry
http://www.psionic.com/abacus/portsentry

---
|> /\ \/ @
davidd@datasphereweb.com
DataSphere - Back end web programming, site security, and networking
david.daugherty@netmanage.com
Software Engineer
NetManage - The Bridge to E-Business
http://www.wcug.wwu.edu/~doc
ICQ: 21106703
"I like the dreams of the future better than the history of the past"
- Thomas Jefferson

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of DINKEY,GENE
> (HP-Loveland,ex1)
> Sent: Monday, February 12, 2001 7:41 AM
> To: 'freebsd-questions@freebsd.org'
> Subject: Logging IP address for all connections
>
>
> I'm running FreeBSD 3.4-RELEASE and have recently been under attack by
> what appears to be a bored script kiddie. The attacks have come from
> several different locations (for some reason they keep trying to log on
> via anon FTP). I've been port scanned twice in a week (unfortunately all
> I get in messages is the ICMP bandwidth limit messages).
>
> I would like to be able to log the ip address and port number of every ip
> address that connects to the machine from my external interface. If
> possible I would like to also be able to log that to a separate file
> instead of to messages to prevent clutter.
>
> I've searched the archives and looked at ipfw(8), syslogd(8), and
> syslog.conf(5). It's all very confusing and a little help understanding
> what I need to do would be appreciated.
>
> The system has 2 NICs and runs natd, it's a gateway for my cable modem.
> I only need to log on the NIC that's exposed to the world.
>
> Thank you in advance
>
> Gene Dinkey
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message