From owner-freebsd-security Sat Oct 23 22:59:47 1999
Delivered-To: freebsd-security@freebsd.org
Received: from atdot.dotat.org (atdot.dotat.org [150.101.89.3])
	by hub.freebsd.org (Postfix) with ESMTP id C948415084
	for ; Sat, 23 Oct 1999 22:59:40 -0700 (PDT)
	(envelope-from newton@atdot.dotat.org)
Received: (from newton@localhost)
	by atdot.dotat.org (8.9.3/8.7) id PAA55113;
	Sun, 24 Oct 1999 15:26:58 +0930 (CST)
From: Mark Newton
Message-Id: <199910240556.PAA55113@atdot.dotat.org>
Subject: Re: kernel patch to detect port scan, without turning on ports...
To: arussell@bifrost.agrknives.com (A.G. Russell IV)
Date: Sun, 24 Oct 1999 15:26:57 +0930 (CST)
Cc: security@FreeBSD.ORG
In-Reply-To: <199910240554.AAA11814@bifrost.agrknives.com> from "A.G. Russell IV" at Oct 24, 99 00:54:22 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

A.G. Russell IV wrote:

> Sorry if this is redundant,
> I'm looking for the kernel patch to allow detection of a port scan without
> turning on each of the ports.

Execute the following

    sysctl -w net.inet.tcp.log_in_vain=1
    sysctl -w net.inet.udp.log_in_vain=1

You'll get a console log message whenever someone tries to reach a port
which isn't listening.

    - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
    but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
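Once log_in_vain is on, a real scan produces one kernel line per probed port, so the useful defender step is to summarise the log by source. The script below is an added example, not part of the thread: the log lines are constructed, and their "Connection attempt to TCP/UDP dst:port from src:port" layout is assumed to match what FreeBSD's log_in_vain emits (the syslog prefix and any trailing flags field are ignored).

```shell
#!/bin/sh
# Constructed sample of the lines log_in_vain=1 writes to the console/syslog.
# Layout assumed: "... Connection attempt to PROTO DST:DPORT from SRC:SPORT".
LOG_SAMPLE='Oct 24 15:20:01 host /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40001
Oct 24 15:20:01 host /kernel: Connection attempt to TCP 192.0.2.10:25 from 198.51.100.7:40002
Oct 24 15:20:01 host /kernel: Connection attempt to TCP 192.0.2.10:80 from 198.51.100.7:40003
Oct 24 15:20:02 host /kernel: Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:40004
Oct 24 15:20:02 host /kernel: Connection attempt to TCP 192.0.2.10:110 from 198.51.100.7:40005
Oct 24 15:21:10 host /kernel: Connection attempt to TCP 192.0.2.10:22 from 203.0.113.5:51000'

# scan_sources LOGTEXT THRESHOLD
# Prints "source distinct_ports" for every source address that reached at
# least THRESHOLD distinct (proto, dst, port) targets; one stray probe is
# noise, many distinct ports from one address is the scan signature.
scan_sources() {
    printf '%s\n' "$1" | awk -v thr="$2" '
        /Connection attempt to (TCP|UDP)/ {
            # locate the "from" token; proto and dst:port sit just before it
            for (i = 1; i <= NF; i++)
                if ($i == "from") { src = $(i + 1); proto = $(i - 2); dst = $(i - 1) }
            sub(/:[0-9]+$/, "", src)          # drop the ephemeral source port
            key = src SUBSEP proto SUBSEP dst
            if (!(key in seen)) { seen[key] = 1; ports[src]++ }
        }
        END { for (s in ports) if (ports[s] >= thr) print s, ports[s] }' | sort
}

# Typical use on a live host: scan_sources "$(grep "Connection attempt" /var/log/messages)" 5
scan_sources "$LOG_SAMPLE" 3
```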