Date:      Wed, 16 Oct 2002 11:48:03 +0200
From:      <Danny.Carroll@mail.ing.nl>
To:        <freebsd-questions@freebsd.org>
Subject:   FW: FW: monitor ALL connections to ALL ports
Message-ID:  <C6304883FB11E347AD4958D3F14EC00AE89358@ing.com>



-----Original Message-----
From: Peter Pentchev [mailto:roam@ringlet.net]
Sent: 16 October 2002 11:37
To: Carroll, D. (Danny)
Cc: maildrop@qwest.net; freebsd-security@freebsd.org
Subject: Re: FW: monitor ALL connections to ALL ports


On Wed, Oct 16, 2002 at 10:48:01AM +0200, Danny.Carroll@mail.ing.nl wrote:
> Something else you could do, if you want to put the effort into it, is
> to write a program that accepts all packets from ipfw (via a divert
> rule) and then logs what you want before returning the untouched
> packet back to ipfw.
>
> Much like what natd does, except without the natting.
> I am sure the natd sources would be very useful in this case.

I am a bit surprised that nobody has mentioned ports/net/clog yet.
It is simple yet effective; it does not log UDP packets, but this
functionality may not be too hard to add.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence every third, but it still comprehensible.
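
The divert-socket logger described in the quoted text, as an added example that is not part of the original thread and is not taken from natd or clog. The rule number 100, divert port 8670 and the function name `describe_packet` are assumptions made for illustration; unlike clog as described above, it also logs UDP.

```c
/* Added example. Assumed rule: ipfw add 100 divert 8670 ip from any to any */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/* Format a log line for a raw IPv4 packet. Returns 0, or -1 if the buffer is
 * truncated or not IPv4. Fields are read by byte offset (no struct ip). */
int describe_packet(const unsigned char *p, size_t len, char *out, size_t outsz)
{
    char src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t hl = (size_t)(p[0] & 0x0f) * 4;          /* IP header length, bytes */
    if (hl < 20 || len < hl) return -1;
    inet_ntop(AF_INET, p + 12, src, sizeof src);
    inet_ntop(AF_INET, p + 16, dst, sizeof dst);
    unsigned proto = p[9], frag = (p[6] << 8 | p[7]) & 0x1fff;
    const char *name = proto == 6 ? "tcp" : proto == 17 ? "udp" : NULL;
    if (name && frag == 0 && len >= hl + 4)         /* ports: first fragment only */
        snprintf(out, outsz, "%s %s:%d -> %s:%d", name, src,
                 p[hl] << 8 | p[hl + 1], dst, p[hl + 2] << 8 | p[hl + 3]);
    else
        snprintf(out, outsz, "proto=%u %s -> %s", proto, src, dst);
    return 0;
}

int main(void)
{
    char line[128];
#ifdef IPPROTO_DIVERT                               /* FreeBSD: live divert loop */
    static unsigned char buf[65535];
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(8670) }, from;
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) < 0)
        { perror("divert socket"); return 1; }
    for (;;) {      /* log each packet, then return it to ipfw unmodified */
        socklen_t fl = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (n < 0) continue;
        if (describe_packet(buf, (size_t)n, line, sizeof line) == 0) puts(line);
        sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, fl);
    }
#else                                               /* elsewhere: constructed packet */
    static const unsigned char sample[] = { 0x45,0,0,28, 0,0,0x40,0, 64,17,0,0,
        192,0,2,10, 198,51,100,7, 0x04,0xd2,0,53, 0,8,0,0 };
    if (describe_packet(sample, sizeof sample, line, sizeof line) == 0) puts(line);
    return 0;
#endif
}
```

Passing the address filled in by `recvfrom` back to `sendto` is what lets ipfw resume processing after the diverting rule. Packets that match a divert rule are dropped when no socket is bound to the port, so the logger sits in the forwarding path and matched traffic stops if it exits.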

