Date:      Fri, 27 Jun 1997 15:02:53 -0400 (EDT)
From:      Brian Mitchell <brian@firehouse.net>
To:        Nathan Dorfman <nathan@senate.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: ICMP Logging
Message-ID:  <Pine.BSI.3.95.970627150147.1016A-100000@shell.firehouse.net>
In-Reply-To: <199706271343.JAA04122@limbo.senate.org>

On Fri, 27 Jun 1997, Nathan Dorfman wrote:

> Is there a way for the kernel to syslog(3) all ICMP messages? This would serve
> two purposes: a) as I have all syslog messages directed to an unused vty I
> could observe such DoS attacks in progress and b) if they are stored in the
> log files I could use the logs in case the matter needed to be pursued further.
> 
> If this is not a part of the current kernel, it would (IMO) be a very good
> addition to -current and -stable. If you *are* planning on adding it soon,
> please let me know and I'll hold off my upgrade (I'm currently running 2.2.1-
> RELEASE and wanted to upgrade to -stable).
> 

ipfw can do this; also, you could redirect tcpdump to a log file. You
could also write a program using raw sockets to log icmp, or do the same
with bpf. The latter has an advantage of being able to log icmp directed
to any machine on your segment.

Brian Mitchell                                  brian@firehouse.net
"BSD code sucks. Of course, everything else sucks far more."
- Theo de Raadt
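As an added example (not code from this thread), a minimal userland ICMP logger along the raw-socket lines Brian mentions: it reads ICMP datagrams from a raw socket, parses the IPv4 and ICMP headers with length checks, and hands each one to syslog(3). It assumes a BSD-style raw socket that delivers the IPv4 header with each datagram, and it has to run as root to open the socket.

```c
/* Added example: userland ICMP logger via raw socket + syslog(3).
 * Assumes the raw socket delivers the IPv4 header ahead of the ICMP
 * header (BSD behaviour). Requires root. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <syslog.h>
#include <unistd.h>

struct icmp_info {
    char src[INET_ADDRSTRLEN];
    char dst[INET_ADDRSTRLEN];
    uint8_t type, code;
};

/* Parse an IPv4 datagram carrying ICMP into `out`.
 * Returns 0 on success, -1 if the packet is not IPv4/ICMP or is too
 * short for the headers it claims (every offset is bounds-checked). */
int parse_icmp(const unsigned char *pkt, size_t len, struct icmp_info *out)
{
    if (len < 20) return -1;                    /* no full IPv4 header */
    size_t ihl = (pkt[0] & 0x0f) * 4;           /* header length in bytes */
    if ((pkt[0] >> 4) != 4 || ihl < 20 || len < ihl + 4) return -1;
    if (pkt[9] != IPPROTO_ICMP) return -1;      /* protocol field */
    struct in_addr a;
    memcpy(&a, pkt + 12, 4); inet_ntop(AF_INET, &a, out->src, sizeof out->src);
    memcpy(&a, pkt + 16, 4); inet_ntop(AF_INET, &a, out->dst, sizeof out->dst);
    out->type = pkt[ihl];                       /* first ICMP header byte */
    out->code = pkt[ihl + 1];
    return 0;
}

int main(void)
{
    unsigned char buf[65535];
    struct icmp_info info;
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0) { perror("socket"); return 1; }
    openlog("icmplog", LOG_PID, LOG_DAEMON);
    for (;;) {                                  /* one syslog line per ICMP datagram */
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n <= 0) continue;
        if (parse_icmp(buf, (size_t)n, &info) == 0)
            syslog(LOG_INFO, "icmp type %u code %u from %s to %s",
                   info.type, info.code, info.src, info.dst);
    }
    close(fd);
    return 0;
}
```

Logging only type/code and addresses keeps the syslog volume bounded during a flood; the packet body is deliberately not written to the log.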
