Date:      Tue, 4 Dec 2001 14:25:49 -0200
From:      "Ronan Lucio" <ronan@melim.com.br>
To:        <security@freebsd.org>
Subject:   Attack logs
Message-ID:  <10f701c17ce0$56141600$2aa8a8c0@melim.com.br>
References:  <006001c17cdf$ab181d00$04e3a8c0@beco.hu> <008d01c17ce3$910c08f0$04e3a8c0@beco.hu>

Hi All,

I have seen that older versions of FreeBSD had more detailed logs.

For example:
When someone did a flood, it showed a log like this:

Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 210.90.188.221 192.168.1.224 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 210.90.188.221 192.168.1.224 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 210.90.188.221 192.168.1.224 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 210.90.188.221 192.168.1.224 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: limit reached on rule #3200

Now, after I installed FreeBSD-4.3, it just shows me:
ipfw: limit reached on rule #3200

I have looked in the daily security check output mail and the /var/log/messages
file.

I have included the following options:

- Kernel
   options IPFIREWALL
   options IPFIREWALL_VERBOSE
   options IPFIREWALL_VERBOSE_LIMIT=500
   options IPFIREWALL_DEFAULT_TO_ACCEPT

- /etc/rc.conf
    firewall_enable="YES"
    firewall_logging="YES"

- Ipfw rules
    The rules that deny some service are set with the deny log option.

Could anybody help me get a more detailed log?

Thanks to all.

Ronan
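
An added example, not part of the original message: a small Python triage of ipfw lines in the format quoted above. It counts logged packets per rule and source and records when a rule hit its logging limit, after which matches on that rule are no longer logged. The function name and the sample lines (documentation addresses, a TCP entry for a second rule) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the syslog format quoted in the message.
SAMPLE = """\
Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 198.51.100.7 192.0.2.10 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 198.51.100.7 192.0.2.10 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 198.51.100.7 192.0.2.10 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: limit reached on rule #3200
Dec  4 14:16:02 server /kernel: ipfw: 100 Deny TCP 203.0.113.9:40112 192.0.2.10:23 in via xl0
"""

STAMP = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ /kernel: ipfw: "
# One logged packet: rule number, action, protocol, source, destination, direction.
PACKET = re.compile(
    STAMP + r"(?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)$")
# Marker written when a rule stops logging.
LIMIT = re.compile(STAMP + r"limit reached on rule #(?P<rule>\d+)$")


def summarize(lines):
    """Return {rule: {"logged", "sources", "blind_since"}} for ipfw log lines."""
    rules = defaultdict(
        lambda: {"logged": 0, "sources": Counter(), "blind_since": None})
    for line in lines:
        line = line.rstrip()
        m = PACKET.match(line)
        if m:
            entry = rules[int(m["rule"])]
            entry["logged"] += 1
            # TCP/UDP entries carry "addr:port"; keep only the IPv4 address.
            entry["sources"][m["src"].split(":")[0]] += 1
            continue
        m = LIMIT.match(line)
        if m:
            # From this timestamp on, the rule still matches but is not logged.
            rules[int(m["rule"])]["blind_since"] = m["ts"]
    return dict(rules)


if __name__ == "__main__":
    for rule, info in sorted(summarize(SAMPLE.splitlines()).items()):
        top = info["sources"].most_common(3)
        print(rule, info["logged"], top, "blind since:", info["blind_since"])
```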

