Date:      Sun, 9 Aug 1998 18:37:34 +1200 (NZST)
From:      Andrew McNaughton <andrew@squiz.co.nz>
To:        Kris Kennaway <kkennawa@physics.adelaide.edu.au>
Cc:        security@FreeBSD.ORG
Subject:   Re: Capturing IPFW denied packets
Message-ID:  <Pine.BSF.3.96.980809182601.2740B-100000@aniwa.sky>
In-Reply-To: <Pine.OSF.3.90.980809145527.30908A-100000@bragg>


On Sun, 9 Aug 1998, Kris Kennaway wrote:

> Is there any way I can set things up to log the contents of the packets
> which fail the ipfw filter? Can anyone think of legitimate reasons these 
> sites might want to know my identity or information about my DNS, other 
> than trying to harvest addresses for spammers?

It's often useful to have the names of connecting hosts in your httpd
logs.  Recent versions of Apache don't do these lookups by default, but a
fair proportion of servers do, probably most of them.  Some servers may be
configured to verify that the A record and the PTR record agree, since
otherwise a bogus PTR record could be used to spoof where a connection is
made from.

It may be that the site uses ident info for valid reasons with local
users, and that calling your identd is a side effect of this setup.  I'm
not sure why someone would use ident, but I guess since it made it into
the standard http log format there must be a few people out there who
think it's useful.

Andrew McNaughton
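
The A/PTR agreement check mentioned in the message above, as an added example that is not part of the original e-mail: a server accepts a reverse-DNS name for its logs only if that name resolves forward to the connecting address. The function names, the injected resolver parameters and the sample zone data are assumptions constructed for illustration.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_forward(name):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]


def verified_hostname(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return a PTR name for ip only if that name resolves back to ip."""
    peer = ipaddress.ip_address(ip)
    for name in ptr_lookup(ip):
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == peer:
                    return name.rstrip(".").lower()
            except ValueError:
                continue  # resolver returned something that is not an address
    return None


# Constructed sample zone data (documentation address ranges, example domains).
PTR = {
    "192.0.2.10": ["www.example.org."],
    "198.51.100.7": ["trusted.example.com."],  # PTR set by the address owner
}
A = {
    "www.example.org.": ["192.0.2.10"],
    "trusted.example.com.": ["203.0.113.5"],  # the real host lives elsewhere
}


def log_name(ip):
    """Name to write in the access log: verified hostname, else the bare IP."""
    name = verified_hostname(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []))
    return name or ip
```

Called with the default resolvers, `verified_hostname` performs live DNS lookups; `log_name` uses only the constructed tables so it runs offline.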

