From owner-freebsd-questions Wed Oct 16 03:09:02 2002
Received: from mail1.ing.nl (mail1.ing.nl [145.221.93.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id E9EED43EAC; Wed, 16 Oct 2002 03:08:58 -0700 (PDT) (envelope-from Danny.Carroll@mail.ing.nl)
Subject: FW: FW: monitor ALL connections to ALL ports
Date: Wed, 16 Oct 2002 11:48:03 +0200
Sender: owner-freebsd-questions@FreeBSD.ORG

-----Original Message-----
From: Peter Pentchev [mailto:roam@ringlet.net]
Sent: 16 October 2002 11:37
To: Carroll, D. (Danny)
Cc: maildrop@qwest.net; freebsd-security@freebsd.org
Subject: Re: FW: monitor ALL connections to ALL ports

On Wed, Oct 16, 2002 at 10:48:01AM +0200, Danny.Carroll@mail.ing.nl wrote:
> Something else you could do, if you want to put the effort into it is
> to write a program that accepts all packets from ipfw (via a divert
> rule) and then logs what you want before returning the untouched
> packet back to ipfw.
>
> Much like what natd does, except without the natting.
> I am sure the natd sources would be very useful in this case.

I am a bit surprised that nobody has mentioned ports/net/clog yet. It is
simple yet effective; it does not log UDP packets, but this
functionality may not be too hard to add.

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence every third, but it still comprehensible.
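
The divert-socket logger suggested in the quoted text (natd's receive and reinject loop without the address translation), as an added example that is not part of the original thread and is not taken from the natd or clog sources. It logs TCP and UDP alike. Assumptions: divert port 8670 and a rule such as `ipfw add 50 divert 8670 ip from any to any in` (rule number and port are placeholders), run as root on FreeBSD.

```c
/* Passive ipfw divert logger for FreeBSD (added example, not from the thread). */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 254 /* FreeBSD's value, so the parser also builds elsewhere */
#endif
#define DIVERT_PORT 8670   /* assumption: must match the port in the ipfw divert rule */

/* Write a one-line summary of an IPv4 packet; returns -1 if truncated or not IPv4. */
int describe_packet(const unsigned char *p, size_t len, char *out, size_t outlen)
{
    char src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
    size_t hl;
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    hl = (size_t)(p[0] & 0x0f) * 4;          /* header length in bytes */
    if (hl < 20 || hl > len) return -1;
    inet_ntop(AF_INET, p + 12, src, sizeof src);
    inet_ntop(AF_INET, p + 16, dst, sizeof dst);
    /* Ports exist only in the first fragment (offset 0) of a TCP or UDP datagram. */
    if ((p[9] == IPPROTO_TCP || p[9] == IPPROTO_UDP) && !(p[6] & 0x1f) && !p[7] && len >= hl + 4)
        snprintf(out, outlen, "%s %s:%u -> %s:%u", p[9] == IPPROTO_TCP ? "tcp" : "udp",
                 src, (unsigned)(p[hl] << 8 | p[hl + 1]), dst, (unsigned)(p[hl + 2] << 8 | p[hl + 3]));
    else
        snprintf(out, outlen, "proto %u %s -> %s", (unsigned)p[9], src, dst);
    return 0;
}

int main(void)
{
    unsigned char buf[65535];
    char line[96];
    struct sockaddr_in sin;
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(DIVERT_PORT);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) { perror("divert socket"); return 1; }
    for (;;) {
        socklen_t sl = sizeof sin;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&sin, &sl);
        if (n < 0) continue;
        if (describe_packet(buf, (size_t)n, line, sizeof line) == 0) puts(line);
        sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&sin, sl); /* reinject unchanged */
    }
}
```

ipfw drops packets diverted to a port with no socket bound to it, so traffic matching the rule stops whenever the logger is not running.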