Date: Tue, 11 Aug 1998 14:12:47 +1200 (NZST)
From: Andrew McNaughton <andrew@squiz.co.nz>
To: Jesse <j@lumiere.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw log limits by connection vs. rule
Message-ID: <Pine.BSF.3.96.980811140438.338N-100000@aniwa.sky>
In-Reply-To: <Pine.BSF.4.02.9808101654030.8214-100000@leaf.lumiere.net>

On Mon, 10 Aug 1998, Jesse wrote:

> I was wondering if anyone knew/came up with some way of setting an ipfw
> log limit that tracked by unique connection instead of by the ipfw rule.
> That's probably not very clear, so I'll give an example of what I mean.
>
> Currently, if I have the rule
>
> 55000 deny log tcp from any to any setup
>
> and my ipfw log limit is 50, then if stranger.someplace.com sends 50
> packets to fbsd.mydomain.com port 23, I'll hit that log limit. Then he can
> portscan all my other ports, without being logged. Also, if
> stranger2.somewhere.org comes along, nothing from him will be logged
> (under the same rule).

You can set syslog.conf so that all messages from ipfw get piped to a
script. I've had this in mind for a while, but not yet had the time to
write it.

Has anyone got a script set up to summarise this stuff as it comes in?

Andrew

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
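
A per-source summariser of the kind asked about above, as an added example that is not part of the original message or of FreeBSD. It assumes the script receives ipfw log lines on stdin in the shape shown in the comment; the `limit` and `scan_ports` thresholds are hypothetical and the sample lines are constructed.

```python
import re
import sys
from collections import defaultdict

# Assumed line shape (TCP/UDP): "... ipfw: <rule> <Action> <PROTO> src:sport dst:dport in via <if>"
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)")

def summarise(lines, limit=3, scan_ports=5):
    """Keep the first `limit` lines per source; count the rest instead of dropping them.
    limit and scan_ports are hypothetical thresholds chosen for the example."""
    kept = []
    stats = defaultdict(lambda: {"packets": 0, "suppressed": 0, "ports": set()})
    for line in lines:
        m = IPFW_RE.search(line)
        if not m:
            continue  # line without src:port dst:port pairs
        s = stats[m["src"]]
        s["packets"] += 1
        s["ports"].add((m["dst"], int(m["dport"])))
        if s["packets"] <= limit:
            kept.append(line.rstrip("\n"))
        else:
            s["suppressed"] += 1
    report = {src: {"packets": s["packets"], "suppressed": s["suppressed"],
                    "distinct_ports": len(s["ports"]),
                    "scan": len(s["ports"]) >= scan_ports}
              for src, s in stats.items()}
    return kept, report

# Constructed sample lines (documentation addresses, not real traffic).
_FMT = "Aug 10 16:5{}:00 fbsd /kernel: ipfw: 55000 Deny TCP {}:1025 198.51.100.5:{} in via ed0"
SAMPLE = ([_FMT.format(0, "192.0.2.10", 23)] * 5
          + [_FMT.format(1, "192.0.2.10", p) for p in (21, 25, 80, 110)]
          + [_FMT.format(2, "203.0.113.7", 23)])

if __name__ == "__main__":
    kept, report = summarise(SAMPLE if sys.stdin.isatty() else sys.stdin)
    print("\n".join(kept))
    for src, r in sorted(report.items()):
        print(src, r)
```

The script can only summarise lines the kernel actually emits, so the per-rule log limit has to be high enough that the traffic of interest still reaches syslog.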