From owner-freebsd-questions Wed Sep 22 3:43:58 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13])
    by hub.freebsd.org (Postfix) with ESMTP id 1FC66157E8
    for ; Wed, 22 Sep 1999 03:43:54 -0700 (PDT)
    (envelope-from ben@scientia.demon.co.uk)
Received: from lithium.scientia.demon.co.uk ([192.168.0.3] ident=exim)
    by scientia.demon.co.uk with esmtp (Exim 3.032 #1)
    id 11TjV7-0005tN-00; Wed, 22 Sep 1999 11:19:49 +0100
Received: (from ben) by lithium.scientia.demon.co.uk (Exim 3.032 #1)
    id 11TjV4-0005dq-00; Wed, 22 Sep 1999 11:19:46 +0100
Date: Wed, 22 Sep 1999 11:19:45 +0100
From: Ben Smithurst
To: Christopher Michaels
Cc: Joe Bo , freebsd-questions@FreeBSD.ORG
Subject: Re: is this an attack?
Message-ID: <19990922111945.A21609@lithium.scientia.demon.co.uk>
References: <6C37EE640B78D2118D2F00A0C90FCB4401105C85@site2s1>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.6i
In-Reply-To: <6C37EE640B78D2118D2F00A0C90FCB4401105C85@site2s1>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Christopher Michaels wrote:

> Also, since you have tcp_wrappers installed take a look at 'man 5
> hosts_access' and 'man 5 hosts_options'.
>
> Both are well documented, and unlike the ipfw solution (which is a good
> one), tcp_wrappers does log attempted connections.

Ipfw *can* log, and all my deny rules do. (With the exception of
65535 0 0 deny ip from any to any, but that cannot be reached because of
the earlier 02700 0 0 deny log ip from any to any.)

$ man ipfw
[...]
     If the kernel was compiled with IPFIREWALL_VERBOSE, then when a packet
     matches a rule with the log keyword a message will be printed on the
     console.  If the kernel was compiled with the IPFIREWALL_VERBOSE_LIMIT
     option, then logging will cease after the number of packets specified
     by the option are received for that particular chain entry.  Logging
     may then be re-enabled by clearing the packet counter for that entry.

-- 
Ben Smithurst            | PGP: 0x99392F7D
ben@scientia.demon.co.uk | key available from keyservers and
                         | ben+pgp@scientia.demon.co.uk
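
Added example, not part of the original message or of FreeBSD itself: a log summarizer for the ipfw "deny log" output discussed above, which also spots a rule that has stopped logging at its IPFIREWALL_VERBOSE_LIMIT. The log line layouts, host name "gw", interface "ed0" and all addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of syslog lines. The layout
# "ipfw: <rule> Deny <proto> <src> <dst> <dir> via <iface>" and the
# "limit ... reached" notice are assumed formats, not taken from the thread.
SAMPLE_LOG = """\
Sep 22 10:01:02 gw /kernel: ipfw: 2700 Deny TCP 203.0.113.9:1042 192.0.2.1:23 in via ed0
Sep 22 10:01:03 gw /kernel: ipfw: 2700 Deny TCP 203.0.113.9:1043 192.0.2.1:25 in via ed0
Sep 22 10:01:04 gw /kernel: ipfw: 2700 Deny TCP 203.0.113.9:1044 192.0.2.1:110 in via ed0
Sep 22 10:02:10 gw /kernel: ipfw: 2700 Deny UDP 198.51.100.7:53 192.0.2.1:1050 in via ed0
Sep 22 10:02:11 gw /kernel: ipfw: limit 100 reached on entry 2700
Sep 22 10:05:00 gw sshd[312]: unrelated line
"""

# Ports are optional so that portless protocols (e.g. ICMP) still match.
DENY_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)")
LIMIT_RE = re.compile(r"ipfw: limit (\d+) reached on entry (\d+)")

def summarize(log_text, port_threshold=3):
    hits = Counter()   # denied packets per source address
    ports = {}         # distinct destination ports per source address
    muted = set()      # rules whose logging stopped at the verbose limit
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            hits[m["src"]] += 1
            if m["dport"]:
                ports.setdefault(m["src"], set()).add(int(m["dport"]))
            continue
        m = LIMIT_RE.search(line)
        if m:
            muted.add(int(m.group(2)))
    scanners = sorted(s for s, p in ports.items() if len(p) >= port_threshold)
    return {"hits": dict(hits), "scanners": scanners, "muted_rules": sorted(muted)}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for src, n in sorted(report["hits"].items()):
        print(f"{src}: {n} denied packets")
    print("sources probing many distinct ports:", report["scanners"])
    for rule in report["muted_rules"]:
        # Per ipfw(8), clearing the counter re-enables logging for the entry.
        print(f"rule {rule} hit the log limit; re-enable with: ipfw zero {rule}")
```

A muted rule means later denied packets are absent from the log, so the per-source counts are a lower bound until the counter is cleared.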