Date: Wed, 22 Sep 1999 11:19:45 +0100 From: Ben Smithurst <ben@scientia.demon.co.uk> To: Christopher Michaels <ChrisMic@clientlogic.com> Cc: Joe Bo <ibjoe@home.com>, freebsd-questions@FreeBSD.ORG Subject: Re: is this an attack? Message-ID: <19990922111945.A21609@lithium.scientia.demon.co.uk> In-Reply-To: <6C37EE640B78D2118D2F00A0C90FCB4401105C85@site2s1> References: <6C37EE640B78D2118D2F00A0C90FCB4401105C85@site2s1>
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher Michaels wrote:
> Also, since you have tcp_wrappers installed take a look at 'man 5
> hosts_access' and 'man 5 hosts_options'.
>
> Both are well documented, and unlike the ipfw solution (which is a good
> one), tcp_wrappers does log attempted connections.
Ipfw *can* log, and all my deny rules do. (With the exception of 65535
0 0 deny ip from any to any, but that cannot be reached because of the
earlier 02700 0 0 deny log ip from any to any.)
$ man ipfw
[...]
If the kernel was compiled with IPFIREWALL_VERBOSE, then when a packet
matches a rule with the log keyword a message will be printed on the con-
sole. If the kernel was compiled with the IPFIREWALL_VERBOSE_LIMIT op-
tion, then logging will cease after the number of packets specified by
the option are received for that particular chain entry. Logging may
then be re-enabled by clearing the packet counter for that entry.
--
Ben Smithurst | PGP: 0x99392F7D
ben@scientia.demon.co.uk | key available from keyservers and
| ben+pgp@scientia.demon.co.uk
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990922111945.A21609>