Date: Mon, 24 May 1999 22:17:03 -0600 (MDT)
From: "Jason L. Schwab" <jschwab@royal.net>
To: wkt@cs.adfa.edu.au
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: TCP connect data logger
Message-ID: <Pine.BSF.4.05.9905242216520.769-100000@shellsys.net>
In-Reply-To: <199905250213.MAA02815@henry.cs.adfa.edu.au>

Yes, I'm interested in it! Sounds like something I could use!

-------------------------------------
Jason L. Schwab <jschwab@royal.net>
* Unix System Administrator *
-------------------------------------

On Tue, 25 May 1999, Warren Toomey wrote:

> This is strictly off-topic for FreeBSD, but anyway ... A few people desired
> to know why someone was attacking port X on their box. Ages ago, I wrote a
> small program, tcpsuck, that is run from inetd. Tcpsuck sits on a port and
> logs the data coming in. It stops after a pre-defined timeout, or when the
> remote end breaks the connection.
>
> This can help you to determine what they are looking for. It also slows
> TCP port strobe attacks, too :-)
>
> Here is where I use it on my system:
>
> bootserver stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> cisco-tna  stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> exec       stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> cmd        stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> nicname    stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> pop2       stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> pop3       stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> imap2      stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> supdup     stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> systat     stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> tcpmux     stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> login      stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
> shell      stream tcp nowait nobody /usr/libexec/tcpsuck tcpsuck
>
> I also wrote a udpsuck program for UDP ports, but current FreeBSD versions
> have UDP packet logging built-in.
>
> Anybody interested in tcpsuck?
>
> Warren
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
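
A minimal logger of the kind described in the quoted message, written as an added example (it is not Warren Toomey's tcpsuck, whose source is not on this page): run from inetd, it records whatever the remote end sends and stops on timeout, on close, or at a byte cap. The log path, the timeout, the byte cap and the function name `suck` are assumptions.

```c
/* Added example, not tcpsuck itself: inetd-run logger of inbound TCP data. */
#include <sys/select.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#define LOG_PATH  "/var/log/connlog" /* assumed; pre-created, writable by nobody */
#define TIMEOUT_S 30                 /* assumed timeout in seconds */
#define MAX_BYTES 65536L             /* assumed cap so a peer cannot fill the disk */

/* Copy in_fd to log_fd until EOF, timeout or byte cap; returns bytes logged or -1. */
long suck(int in_fd, int log_fd, int timeout_s, long max_bytes)
{
    char buf[1024];
    long total = 0;
    time_t deadline = time(NULL) + timeout_s;
    while (total < max_bytes) {
        time_t now = time(NULL);
        if (now >= deadline) break;                 /* overall timeout reached */
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(in_fd, &rfds);
        struct timeval tv = { deadline - now, 0 };
        int r = select(in_fd + 1, &rfds, NULL, NULL, &tv);
        if (r < 0) return -1;
        if (r == 0) break;                          /* nothing arrived in time */
        size_t want = (size_t)(max_bytes - total) < sizeof buf ? (size_t)(max_bytes - total) : sizeof buf;
        ssize_t n = read(in_fd, buf, want);
        if (n < 0) return -1;
        if (n == 0) break;                          /* remote end closed */
        if (write(log_fd, buf, (size_t)n) != n) return -1;
        total += n;                                 /* nothing is ever sent back */
    }
    return total;
}
/* inetd "nowait" hands the accepted socket to the program as fd 0 */
int main(void)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int log_fd = open(LOG_PATH, O_WRONLY | O_APPEND);  /* no O_CREAT on purpose */
    if (log_fd < 0) return 1;
    int ok = getpeername(0, (struct sockaddr *)&peer, &len) == 0 && peer.sin_family == AF_INET;
    dprintf(log_fd, "\n--- %ld from %s\n", (long)time(NULL),
            ok ? inet_ntoa(peer.sin_addr) : "unknown");
    return suck(0, log_fd, TIMEOUT_S, MAX_BYTES) < 0;
}
```

The log holds raw bytes chosen by the remote end, so read it with `hexdump -C` or a similar tool rather than sending it straight to a terminal.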