Date: Tue, 15 Oct 2002 23:28:19 -0700
From: Steve Reid
To: Maildrop
Cc: freebsd-security@freebsd.org
Subject: Re: FW: monitor ALL connections to ALL ports

On Tue, Oct 15, 2002 at 05:57:14PM +0200, Krzysztof Zaraska wrote:
> I think it would be more useful to log only opening of the
> connection; this can be accomplished using for example a 'setup'
> keyword, e.g.:

I believe there is also a "log in vain" sysctl variable to cause the
kernel to log connection attempts to non-listening ports. Seems to be a
quick and easy way to get what you want. The ipfw way is more flexible
though.
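
Added example, not part of the original message: a per-source summary of the kernel messages that the "log in vain" setting produces, keeping only TCP lines that ipfw's 'setup' keyword would match (SYN set, ACK clear). It assumes the sysctls are net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain and that the kernel writes lines in the format shown in the comment; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed kernel message format (not quoted in the message above):
#   Connection attempt to TCP <dst>:<port> from <src>:<port> flags:0x02
#   Connection attempt to UDP <dst>:<port> from <src>:<port>
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>\S+):(?P<dport>\d+) from (?P<src>\S+):(?P<sport>\d+)"
    r"(?: flags:0x(?P<flags>[0-9a-fA-F]+))?"
)
TH_SYN, TH_ACK = 0x02, 0x10  # TCP header flag bits

# Constructed sample syslog lines (documentation address ranges).
SAMPLE_LOG = """\
Oct 16 06:01:02 host /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40112 flags:0x02
Oct 16 06:01:02 host /kernel: Connection attempt to TCP 192.0.2.10:111 from 198.51.100.7:40113 flags:0x02
Oct 16 06:01:03 host /kernel: Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:40200
Oct 16 06:01:09 host /kernel: Connection attempt to TCP 192.0.2.10:8080 from 203.0.113.5:51000 flags:0x02
Oct 16 06:01:15 host /kernel: Connection attempt to TCP 192.0.2.10:80 from 203.0.113.9:51022 flags:0x10
Oct 16 06:01:20 host sshd[311]: unrelated line
""".splitlines()

def parse(lines):
    """Yield (proto, src, dport, flags) for each log-in-vain line; skip others."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            flags = int(m["flags"], 16) if m["flags"] else None
            yield m["proto"], m["src"], int(m["dport"]), flags

def probed_ports(lines, syn_only=True):
    """Map each source address to the set of (proto, port) pairs it tried."""
    ports = defaultdict(set)
    for proto, src, dport, flags in parse(lines):
        # Like ipfw 'setup': count only connection openings (SYN without ACK).
        if proto == "TCP" and syn_only and flags is not None:
            if not (flags & TH_SYN) or (flags & TH_ACK):
                continue
        ports[src].add((proto, dport))
    return dict(ports)

def scanners(lines, threshold=3):
    """Sources that tried at least `threshold` distinct closed ports."""
    hits = probed_ports(lines)
    return sorted(src for src, seen in hits.items() if len(seen) >= threshold)

if __name__ == "__main__":
    for src in scanners(SAMPLE_LOG):
        print(src, sorted(probed_ports(SAMPLE_LOG)[src]))
```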