From owner-freebsd-questions Sun Jun 25 10:58:28 2000 Delivered-To: freebsd-questions@freebsd.org Received: from gemini.quadrhys.com (stratum.tscs.ab.ca [209.115.211.176]) by hub.freebsd.org (Postfix) with ESMTP id 4329337B699 for ; Sun, 25 Jun 2000 10:58:22 -0700 (PDT) (envelope-from freebsd@quadrhys.com) Received: from hybrid (hybrid [192.168.69.10]) by gemini.quadrhys.com (8.9.3/8.9.3) with SMTP id LAA02595; Sun, 25 Jun 2000 11:58:09 -0600 (MDT) (envelope-from freebsd@quadrhys.com) From: "Jamie Hermans" To: "'Mike'" Cc: Subject: RE: telnet log? Date: Sun, 25 Jun 2000 11:57:40 -0600 Message-ID: <000001bfdece$db229850$0a45a8c0@quadrhys.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <4.3.1.2.20000625134256.00b07980@mail.mikesweb.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I use the firewall logging rules (I assume you don't actually have telnet open, you just want to know who's knocking?) There are probably more glorious ways of doing this ... portsentry, etc. Mine works for me ;-) /etc/rc.firewall ----- /sbin/ipfw add deny log tcp from any to {your.ip.num.here} 23 via {interface} /sbin/ipfw add deny log udp from any to {your.ip.num.here} 23 via {interface} ----- /etc/syslog.conf ----- !ipfw *.* /var/log/ipfw.log ----- /usr/src/sys/i386/conf/{yourkernel} ----- options IPFIREWALL options IPFIREWALL_VERBOSE ----- The resulting ipfw.log looks like: (them=1.1.1.1 me=2.2.2.2) ----- Jun 23 11:18:48 ipfw: 300 Deny TCP 1.1.1.1:832 2.2.2.2:23 in via {interface} Jun 23 11:18:51 ipfw: 300 Deny TCP 1.1.1.1:832 2.2.2.2:23 in via {interface} ----- ... Jamie -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Mike Sent: Sunday, June 25, 2000 11:44 am To: freebsd-questions@FreeBSD.ORG Subject: telnet log? Is there a log of, or a way to log any attempts to telnet into your server? Thanks Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message