Date: Wed, 22 Sep 1999 11:19:45 +0100 From: Ben Smithurst <ben@scientia.demon.co.uk> To: Christopher Michaels <ChrisMic@clientlogic.com> Cc: Joe Bo <ibjoe@home.com>, freebsd-questions@FreeBSD.ORG Subject: Re: is this an attack? Message-ID: <19990922111945.A21609@lithium.scientia.demon.co.uk> In-Reply-To: <6C37EE640B78D2118D2F00A0C90FCB4401105C85@site2s1> References: <6C37EE640B78D2118D2F00A0C90FCB4401105C85@site2s1>
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher Michaels wrote: > Also, since you have tcp_wrappers installed take a look at 'man 5 > hosts_access' and 'man 5 hosts_options'. > > Both are well documented, and unlike the ipfw solution (which is a good > one), tcp_wrappers does log attempted connections. Ipfw *can* log, and all my deny rules do. (With the exception of 65535 0 0 deny ip from any to any, but that cannot be reached because of the earlier 02700 0 0 deny log ip from any to any.) $ man ipfw [...] If the kernel was compiled with IPFIREWALL_VERBOSE, then when a packet matches a rule with the log keyword a message will be printed on the con- sole. If the kernel was compiled with the IPFIREWALL_VERBOSE_LIMIT op- tion, then logging will cease after the number of packets specified by the option are received for that particular chain entry. Logging may then be re-enabled by clearing the packet counter for that entry. -- Ben Smithurst | PGP: 0x99392F7D ben@scientia.demon.co.uk | key available from keyservers and | ben+pgp@scientia.demon.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990922111945.A21609>