Date:      Thu, 9 Nov 2000 09:04:26 -1000
From:      Gary Dunn <gdunng@mac.com>
To:        Phil C <mongo@elephantitis.org>, freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw/database/logging development
Message-ID:  <00110909324700.10098@shf102107.hi.pac.army.mil>
In-Reply-To: <20001109000826.B13677@planw-22-181.pompano.net>
References:  <20001109000826.B13677@planw-22-181.pompano.net>

On Wed, 08 Nov 2000, Phil C wrote:
> I have been pondering over the past few days, if it would be more sensible
> to develop something one way or the other... Anyone interested in commenting
> please do....
> 
> I wanted to initially write a perl script to monitor /var/log/security for
> user defined ongoings of ipfw. I was then going to use this data in a
> database, which would expire entries after a defined amount of time. The
> database (using MLDBM), could keep track of each ip which, for example was
> blocked, the port(s) they tried to connect from/to and when... Monitoring scans,
> both immediate and those gradually building over time would be simplified
> greatly... (on a cable network I find myself under a regular barrage of
> various intrusion attempts etc ranging from doze based attempts, like sub7
> scans to scans of ftp ssh portmap etc... ...)

[snip]

I can't address your technical questions other than to say that whenever
someone scans my FreeBSD boxes -- even my two-year-old 3.0 box -- some sort of
detection mechanism (tcpwrappers?) spews out stuff on the console log window,
which is great. I suppose there are more subtle forms of probes that don't
trigger these alarms, and that those are what you want to detect.

What concerns me is that in the past year there has been a huge
increase in the number of households using cable modems (aka RoadRunner). Even
small businesses and schools. Few of these people have a clue about network
security. Some install a "firewall" application, but I am skeptical about the
effectiveness of such programs. As far as I know, cable modem service providers
offer no security, not even simple IP address blocking at the router.

Are we all being placed at greater risk because of inadequate security measures
involving cable modems? Or is the threat a mirage?


-- 
 == Gary Dunn
 == Honolulu
 == Open Slate Project
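
Added example, not part of either poster's message: a sketch of the log-tracking idea in the quoted text, written in Python with an in-memory dict standing in for the Perl/MLDBM store Phil mentions. It parses ipfw deny lines, expires old entries, and separates immediate scans from ones that build up gradually. The log line layout, the thresholds, and the names load, classify and demo are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout of ipfw deny lines in /var/log/security; adjust to your logs.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ /?kernel: ipfw: \d+ Deny "
    r"(?:TCP|UDP) ([\d.]+):\d+ [\d.]+:(\d+) ")

def load(lines, year, now, ttl):
    """Return {src_ip: [(time, dst_port)]}; syslog omits the year, so pass it in."""
    hits = defaultdict(list)
    for m in filter(None, map(LINE_RE.match, lines)):  # skip non-matching lines
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        if now - ts <= ttl:  # expiry: entries older than ttl are not kept
            hits[m[2]].append((ts, int(m[3])))
    return hits

def classify(hits, now, fast_window, fast_ports, slow_ports):
    """'fast' = many ports inside fast_window, 'slow' = many ports over the ttl."""
    verdicts = {}
    for src, seen in hits.items():
        recent = {port for ts, port in seen if now - ts <= fast_window}
        if len(recent) >= fast_ports:
            verdicts[src] = "fast"
        elif len({port for _, port in seen}) >= slow_ports:
            verdicts[src] = "slow"
    return verdicts

# Constructed sample lines using documentation addresses, not real log data.
SAMPLE = """\
Oct 20 03:00:00 gw /kernel: ipfw: 600 Deny TCP 203.0.113.99:4000 192.0.2.1:23 in via ed0
Nov  6 02:11:09 gw /kernel: ipfw: 600 Deny TCP 198.51.100.7:3101 192.0.2.1:21 in via ed0
Nov  7 04:40:52 gw /kernel: ipfw: 600 Deny TCP 198.51.100.7:3102 192.0.2.1:22 in via ed0
Nov  8 01:13:30 gw /kernel: ipfw: 600 Deny TCP 198.51.100.7:3103 192.0.2.1:111 in via ed0
Nov  9 03:22:41 gw /kernel: ipfw: 600 Deny TCP 198.51.100.7:3104 192.0.2.1:23 in via ed0
Nov  9 09:04:26 gw /kernel: ipfw: 600 Deny TCP 203.0.113.10:1200 192.0.2.1:21 in via ed0
Nov  9 09:04:27 gw /kernel: ipfw: 600 Deny TCP 203.0.113.10:1201 192.0.2.1:22 in via ed0
Nov  9 09:04:28 gw /kernel: ipfw: 600 Deny TCP 203.0.113.10:1202 192.0.2.1:111 in via ed0
Nov  9 09:04:29 gw /kernel: ipfw: 600 Deny TCP 203.0.113.10:1203 192.0.2.1:27374 in via ed0
Nov  9 09:04:40 gw /kernel: ipfw: 600 Deny UDP 198.51.100.200:53 192.0.2.1:1025 in via ed0
Nov  9 09:04:41 gw sshd[211]: this line is not from ipfw
"""

def demo():
    now = datetime(2000, 11, 9, 9, 5, 0)
    hits = load(SAMPLE.splitlines(), 2000, now, ttl=timedelta(days=7))
    return classify(hits, now, timedelta(minutes=1), fast_ports=4, slow_ports=4)
```
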


