Date: Tue, 4 May 1999 21:09:05 -0700
From: Gregory Sutter <gsutter@pobox.com>
To: Doug White <dwhite@resnet.uoregon.edu>
Cc: MPN <neubyneu@twcny.rr.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: Back Orifice....?>?>?
Message-ID: <19990504210905.B74780@001101.zer0.org>
In-Reply-To: <Pine.BSF.4.03.9905041605000.28350-100000@resnet.uoregon.edu>; from Doug White on Tue, May 04, 1999 at 04:05:17PM -0700
References: <000701be967d$771202a0$04c809c0@kramer.cmsnet.net> <Pine.BSF.4.03.9905041605000.28350-100000@resnet.uoregon.edu>

On Tue, May 04, 1999 at 04:05:17PM -0700, Doug White wrote:
> On Tue, 4 May 1999, MPN wrote:
>
> > Hello. I was wondering if anyone knows of a program for FreeBSD which
> > will sit on the BO port and wait for a connection. When it connects,
> > log where it came from, etc. Thanks in advance!
>
> You could work something out between tcpwrappers and inetd, probably.

/usr/ports/security/sentry is meant for this task. It rocks!
Here is a log excerpt of a sentry catch:

Apr 11 11:14:38 <4.3> kipling ftpd[23558]: warning: can't verify hostname: gethostbyname(TR1DwDFboN.turk.net) failed
Apr 11 11:14:38 <4.6> kipling ftpd[23558]: connect from 212.57.25.69
Apr 11 11:14:43 <4.5> kipling abacus_sentry[91959]: attackalert: Connect from host: TR1DwDFboN.turk.net/212.57.25.69 to TCP port: 31337
Apr 11 11:14:43 <4.5> kipling abacus_sentry[91959]: attackalert: Host 212.57.25.69 has been blocked via wrappers.
Apr 11 11:14:43 <4.5> kipling abacus_sentry[91959]: attackalert: Connect from host: TR1DwDFboN.turk.net/212.57.25.69 to TCP port: 1
Apr 11 11:14:43 <4.5> kipling abacus_sentry[91959]: attackalert: Host: 212.57.25.69 is already blocked. Ignoring
Apr 11 11:14:46 <4.5> kipling abacus_sentry[91959]: attackalert: Connect from host: TR1DwDFboN.turk.net/212.57.25.69 to TCP port: 1
Apr 11 11:14:46 <4.5> kipling abacus_sentry[91959]: attackalert: Host: 212.57.25.69 is already blocked. Ignoring
Apr 11 11:14:47 <4.5> kipling abacus_sentry[91959]: attackalert: Connect from host: TR1DwDFboN.turk.net/212.57.25.69 to TCP port: 143
Apr 11 11:14:47 <4.5> kipling abacus_sentry[91959]: attackalert: Host: 212.57.25.69 is already blocked. Ignoring
Apr 11 11:18:43 <4.5> kipling abacus_sentry[91959]: attackalert: Connect from host: TR1DwDFboN.turk.net/212.57.25.69 to TCP port: 31337
Apr 11 11:18:43 <4.5> kipling abacus_sentry[91959]: attackalert: Host: 212.57.25.69 is already blocked. Ignoring

Greg
-- 
Gregory S. Sutter                 Black holes were created
mailto:gsutter@pobox.com          when God divided by zero.
http://www.pobox.com/~gsutter/    PGP DSS public key 0x40AE3052

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
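
Added example, not part of the original message or of the sentry port: a small parser for attackalert lines in the layout of the log excerpt above, grouping the probed ports per source address and recording whether and when the host was blocked. The sample log is constructed (documentation address ranges), and the name summarize_alerts is hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample in the same syslog layout as the excerpt above
# (192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges).
SAMPLE_LOG = """\
Apr 11 11:14:43 <4.5> kipling abacus_sentry[91959]: attackalert: Connect from host: scanner.example/192.0.2.10 to TCP port: 31337
Apr 11 11:14:43 <4.5> kipling abacus_sentry[91959]: attackalert: Host 192.0.2.10 has been blocked via wrappers.
Apr 11 11:14:43 <4.5> kipling abacus_sentry[91959]: attackalert: Connect from host: scanner.example/192.0.2.10 to TCP port: 1
Apr 11 11:14:43 <4.5> kipling abacus_sentry[91959]: attackalert: Host: 192.0.2.10 is already blocked. Ignoring
Apr 11 11:14:47 <4.5> kipling abacus_sentry[91959]: attackalert: Connect from host: scanner.example/192.0.2.10 to TCP port: 143
Apr 11 11:20:02 <4.6> kipling ftpd[23601]: connect from 198.51.100.7
Apr 11 11:21:15 <4.5> kipling abacus_sentry[91959]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to TCP port: 31337
"""

# Timestamp, then anything up to the sentry tag and its "attackalert:" marker.
PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*? abacus_sentry\[\d+\]: attackalert: "
CONNECT = re.compile(
    PREFIX + r"Connect from host: (?P<name>\S+)/(?P<ip>[\d.]+) to (?P<proto>\w+) port: (?P<port>\d+)")
# Matches the first "has been blocked" notice, not the later "already blocked" ones.
BLOCKED = re.compile(PREFIX + r"Host:? (?P<ip>[\d.]+) has been blocked")


def summarize_alerts(log_text):
    """Return {ip: {name, ports, first_seen, blocked_at, probes}} in log order."""
    hosts = OrderedDict()
    for line in log_text.splitlines():
        m = CONNECT.match(line)
        if m:
            h = hosts.setdefault(m["ip"], {"name": m["name"], "ports": [],
                                           "first_seen": m["ts"],
                                           "blocked_at": None, "probes": 0})
            h["probes"] += 1
            port = int(m["port"])
            if port not in h["ports"]:      # keep ports unique, in probe order
                h["ports"].append(port)
            continue
        m = BLOCKED.match(line)
        if m and m["ip"] in hosts:
            hosts[m["ip"]]["blocked_at"] = m["ts"]
    return hosts


if __name__ == "__main__":
    for ip, h in summarize_alerts(SAMPLE_LOG).items():
        state = f"blocked at {h['blocked_at']}" if h["blocked_at"] else "NOT blocked"
        print(f"{ip} ({h['name']}): {h['probes']} probes, ports {h['ports']}, {state}")
```

A source that shows probes but no blocked_at value is the case to look at first, since the wrappers entry was never written for it.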