From owner-freebsd-stable  Wed Apr 19  8:42:15 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from server07.icaen.uiowa.edu (server07.icaen.uiowa.edu [128.255.17.47])
	by hub.freebsd.org (Postfix) with ESMTP id 556B737B88D
	for <freebsd-stable@freebsd.org>; Wed, 19 Apr 2000 08:42:10 -0700 (PDT)
	(envelope-from pwgreen@engineering.uiowa.edu)
Received: from server01.icaen.uiowa.edu (server01.icaen.uiowa.edu [128.255.17.41]) by server07.icaen.uiowa.edu (8.9.3/8.9.3) with ESMTP id KAA25101 for <freebsd-stable@freebsd.org> sent by <pwgreen@engineering.uiowa.edu>; Wed, 19 Apr 2000 10:42:07 -0500 (CDT)
Received: from l-ecn000.icaen.uiowa.edu (pwgreen@l-ecn000.icaen.uiowa.edu [128.255.17.100]) by server01.icaen.uiowa.edu (8.8.7/8.7.1) with ESMTP id KAA09563 for <freebsd-stable@freebsd.org>; Wed, 19 Apr 2000 10:42:06 -0500 (CDT)
Received: (from pwgreen@localhost) by l-ecn000.icaen.uiowa.edu (8.9.3 (PHNE_18979)/client-6.6) id KAA01077; Wed, 19 Apr 2000 10:42:05 -0500 (CDT)
Organization: Iowa Computer Aided Engineering Network, University of Iowa
Date: Wed, 19 Apr 2000 10:42:05 -0500 (CDT)
From: Peter William Green <pwgreen@engineering.uiowa.edu>
To: freebsd-stable@freebsd.org
Subject: Re: Intrusion detection
In-Reply-To: <Pine.BSF.4.10.10004191718450.39737-100000@ipamzlx.physik.uni-mainz.de>
Message-ID: <Pine.HPX.4.21.0004191036540.972-100000@l-ecn000.icaen.uiowa.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

a small piece of this puzzle...

A quick way to see connection attempts to ports which you don't use is to
add

log_in_vain="YES" to /etc/rc.conf

this will (from man rc.conf)

log_in_vain   (bool) Set to NO by default.  Setting to YES will
enable logging of connection attempts to ports that have no 
listening socket on them.

-pete

On Wed, 19 Apr 2000, O. Hartmann wrote:

> Dear Sirs.
> Do we have in FreeBSD 4.0 a standard tool for detecting intrusion attempts?
> If this is the case, please tell me how to use it or otherwise please inform
> me where to find in the ports selection a probate tool for running on a server box.
> Thanks.
> 
> Gruss O. Hartmann
> -------------------------------------------------------------------
> ohartman@ipamzlx.physik.uni-mainz.de
> 
> Klimadatenserver des IPA, Universitaet Mainz
> Netzwerk- und Systembetreuung




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message