From owner-freebsd-hackers  Thu Sep  4 07:35:38 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id HAA02157
          for hackers-outgoing; Thu, 4 Sep 1997 07:35:38 -0700 (PDT)
Received: from cyrus.watson.org (robert@AMALTHEA.RES.CMU.EDU [128.2.91.57])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA02152;
          Thu, 4 Sep 1997 07:35:35 -0700 (PDT)
Received: from localhost (robert@localhost)
	by cyrus.watson.org (8.8.5/8.8.5) with SMTP id KAA01567;
	Thu, 4 Sep 1997 10:35:12 -0400 (EDT)
Date: Thu, 4 Sep 1997 10:35:11 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: ArkanoiD <ark@paranoid.convey.ru>
cc: pdongre@opentech.stpn.soft.net, firewalls@greatcircle.com,
        freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject: Re: log connection attempts?
In-Reply-To: <199709041158.PAA00746@paranoid.convey.ru>
Message-ID: <Pine.BSF.3.96.970904103344.1543B-100000@cyrus.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 4 Sep 1997, ArkanoiD wrote:

> No , (btw i use IPFilter,not ipfw), do not want to log blocked packets/
> create additional filtering rules etc. As i said i do know how to do that.
> I just do not want to. I want to log connection attempts without that.

Take a look at these two locations -- there was mention of a better syslog
here on freebsd-security recently.  There were also statistics-gathering
modifications on disconnected ports.

http://minnie.cs.adfa.oz.au/Seminars/AUUG96/index.html
ftp://minnie.cs.adfa.oz.au/pub/NetSecurity/

Hope that helps.

  Robert N Watson 

Junior, Logic+Computation, Carnegie Mellon University  http://www.cmu.edu/
Network Administrator, SafePort Network Services  http://www.safeport.com/
robert@fledge.watson.org rwatson@safeport.com http://www.watson.org/~robert/