Date:      Fri, 27 Jun 1997 13:31:32 -0400 (EDT)
From:      Bryan Swann <swann@nosc.mil>
To:        chas <sweeting@tm.net.my>
Cc:        security@FreeBSD.ORG
Subject:   Re: how can we monitor in real time ? (was Re: probing from  jrc-5-104.tm.net.my)
Message-ID:  <Pine.GSO.3.96.970627132947.2252A-100000@mailbox>
In-Reply-To: <3.0.32.19970627224059.009cece0@mail.tm.net.my>

There is a tool I tried at one time called swatch.  It would monitor a log
file and perform an action based on information contained in the log.  It
is not that pretty, but you could configure it to send email or call other
programs that could potentially page you.

 __________________________________________________________________________
| Bryan Swann (swann@nosc.mil)  803/974-4267   803/974-5080 (Fax)          |
| Eagan McAllister Associates, Inc.                                        |
|                                                                          |
|  "Everything must be working perfectly, cause I don't smell any smoke"   |
 --------------------------------------------------------------------------

On Fri, 27 Jun 1997, chas wrote:

> I sent along a bit of info on this one earlier but it
> did prompt me to wonder:
> 
> "how can we check for this info (and DoS attacks or
> similar) in real time rather than afterwards in log files?
> is there any software that can be configured to monitor
> your server and shout when it is possibly coming under
> attack?"
> 
> Thank you very much,
> 
> chas
> 
> 
> 
> >>Anyone know anything about this host ?
> >>
> >>Name:    jrc-5-104.tm.net.my
> >>Address:  202.188.5.104
> >>
> >>I noticed it probing ports in ipfw's logs.
> >>
> >>abbreviations:  X = 202.188.5.104   Y = myhost   Z = myhost
> >>
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1422 Y:2 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1423 Y:3 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1424 Y:4 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1425 Y:5 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1426 Y:6 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1428 Y:8 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1429 Y:9 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1430 Y:10 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1431 Y:11 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1432 Y:12 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1433 Y:13 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1434 Y:14 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1435 Y:15 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1436 Y:16 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1437 Y:17 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1438 Y:18 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1440 Y:20 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1441 Y:21 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1443 Y:23 via de0
> >>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1444 Y:24 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1445 Y:25 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1446 Y:26 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1447 Y:27 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1448 Y:28 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1449 Y:29 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1450 Y:30 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1451 Y:31 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1452 Y:32 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1453 Y:33 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1454 Y:34 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1455 Y:35 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1456 Y:36 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1457 Y:37 via de0
> >>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1458 Y:38 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1459 Y:39 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1460 Y:40 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1461 Y:41 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1462 Y:42 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1463 Y:43 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1464 Y:44 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1465 Y:45 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1466 Y:46 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1467 Y:47 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1468 Y:48 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1469 Y:49 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1470 Y:50 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1471 Y:51 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1472 Y:52 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1473 Y:53 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1474 Y:54 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1475 Y:55 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1476 Y:56 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1477 Y:57 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1478 Y:58 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1479 Y:59 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1480 Y:60 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1481 Y:61 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1482 Y:62 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1483 Y:63 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1484 Y:64 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1485 Y:65 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1486 Y:66 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1487 Y:67 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1488 Y:68 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1489 Y:69 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1490 Y:70 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1491 Y:71 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1492 Y:72 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1493 Y:73 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1494 Y:74 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1495 Y:75 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1496 Y:76 via de0
> >>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1497 Y:77 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1430 Y:10 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1432 Y:12 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1433 Y:13 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1431 Y:11 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1434 Y:14 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1441 Y:21 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1435 Y:15 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1436 Y:16 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1443 Y:23 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1444 Y:24 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1445 Y:25 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1438 Y:18 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1446 Y:26 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1447 Y:27 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1448 Y:28 via de0
> >>Jun 25 04:07:15 Z /kernel: ipfw: limit reached on rule #2600
> >>
> >>
> >>
> >>--
> >>Rob Hartill                              Internet Movie Database (Ltd)
> >>http://www.moviedatabase.com/   .. a site for sore eyes.
> >>
> >>
> 
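The kind of log watcher Bryan describes, worked through as an added example that is not part of the thread and not swatch's own code: it parses ipfw "Deny" lines in the format quoted above, keeps a sliding window of denied connections per source address, and raises an alert when one source has touched many distinct destination ports in a few seconds (the sweep pattern visible in the quoted log). It also flags the "limit reached on rule" line, because once ipfw stops logging a rule the watcher would otherwise go quiet exactly when it is needed. The threshold, window, sample addresses and log lines are all constructed for the example; nothing here comes from the original posts.

```python
"""
Swatch-style watcher for FreeBSD ipfw "Deny" syslog lines (added example).

Assumptions (not from the thread): a port sweep is declared when one source
address hits PORT_THRESHOLD or more distinct destination ports within WINDOW
seconds, and repeat alerts for that source are suppressed for WINDOW seconds.
"""
import re
import time
from collections import defaultdict, deque
from datetime import datetime

# Matches the ipfw log format quoted in the thread, e.g.
#   Jun 25 04:07:12 gw /kernel: ipfw: 2600 Deny TCP 192.0.2.10:1422 198.51.100.5:2 via de0
IPFW_DENY = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"/kernel: ipfw: (?P<rule>\d+) Deny (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) via (?P<iface>\S+)$"
)
# Emitted when ipfw's per-rule log limit is exhausted (see "ipfw resetlog").
IPFW_LIMIT = re.compile(r"ipfw: limit reached on rule #(?P<rule>\d+)")

PORT_THRESHOLD = 10  # distinct destination ports from one source ... (assumed)
WINDOW = 5           # ... within this many seconds raises an alert (assumed)


def parse_line(line, year=1997):
    """Return a dict for an ipfw Deny line, or None if the line is something else."""
    m = IPFW_DENY.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "src": m["src"], "dst": m["dst"], "proto": m["proto"],
            "dport": int(m["dport"]), "rule": int(m["rule"])}


class SweepDetector:
    def __init__(self, threshold=PORT_THRESHOLD, window=WINDOW):
        self.threshold = threshold
        self.window = window
        self.events = defaultdict(deque)  # src -> deque of (timestamp, dport)
        self.last_alert = {}              # src -> timestamp of last alert

    def feed(self, line):
        """Consume one log line; return an alert string or None."""
        lim = IPFW_LIMIT.search(line)
        if lim:
            return (f"ALERT: ipfw stopped logging rule {lim['rule']}; "
                    f"later hits are invisible until the counter is reset (ipfw resetlog)")
        ev = parse_line(line)
        if ev is None:
            return None
        q = self.events[ev["src"]]
        q.append((ev["ts"], ev["dport"]))
        # Slide the window: forget hits older than WINDOW seconds.
        while q and (ev["ts"] - q[0][0]).total_seconds() > self.window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) < self.threshold:
            return None
        last = self.last_alert.get(ev["src"])
        if last is not None and (ev["ts"] - last).total_seconds() <= self.window:
            return None  # already alerted on this source within the window
        self.last_alert[ev["src"]] = ev["ts"]
        return (f"ALERT: {ev['src']} hit {len(ports)} distinct ports on {ev['dst']} "
                f"within {self.window}s (rule {ev['rule']})")


def scan(lines):
    """Run the detector over an iterable of log lines and collect the alerts."""
    det = SweepDetector()
    return [a for a in map(det.feed, lines) if a]


def follow(path, interval=1.0):
    """Yield new lines appended to a log file, swatch/tail -f style."""
    with open(path) as fh:
        fh.seek(0, 2)  # start at end of file: only react to new entries
        while True:
            line = fh.readline()
            if line:
                yield line.rstrip("\n")
            else:
                time.sleep(interval)


# Constructed sample input in the quoted ipfw format; documentation addresses,
# not real hosts. Twelve sequential-port hits from one source, one unrelated
# deny from another, then the log-limit message.
SAMPLE_LOG = [
    f"Jun 25 04:07:12 gw /kernel: ipfw: 2600 Deny TCP 192.0.2.10:{1420 + p} 198.51.100.5:{p} via de0"
    for p in range(2, 14)
] + [
    "Jun 25 04:07:13 gw /kernel: ipfw: 2600 Deny TCP 192.0.2.20:40001 198.51.100.5:80 via de0",
    "Jun 25 04:07:15 gw /kernel: ipfw: limit reached on rule #2600",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
    # For live use: for alert in filter(None, map(SweepDetector().feed, follow("/var/log/security"))): ...
```

On the sample input the sweep alert fires on the tenth distinct port and is then held back for the rest of the window, so a 70-port sweep like the quoted one produces a single page rather than sixty; the "limit reached" line produces a second alert of its own. The action (mail, pager, `ipfw` rule change) is whatever you hang off the returned string, which is the same division of labour swatch uses.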