From owner-freebsd-security  Sat Aug  8 23:41:25 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA17005
          for freebsd-security-outgoing; Sat, 8 Aug 1998 23:41:25 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.119.24.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA17000
          for <security@FreeBSD.ORG>; Sat, 8 Aug 1998 23:41:23 -0700 (PDT)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.8.7/8.8.7) with ESMTP id GAA10462;
	Sun, 9 Aug 1998 06:40:56 GMT
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id IAA08461;
	Sun, 9 Aug 1998 08:40:55 +0200 (MET DST)
Message-ID: <19980809084055.46112@follo.net>
Date: Sun, 9 Aug 1998 08:40:55 +0200
From: Eivind Eklund <eivind@yes.no>
To: Kris Kennaway <kkennawa@physics.adelaide.edu.au>, security@FreeBSD.ORG
Subject: Re: Capturing IPFW denied packets
References: <Pine.OSF.3.90.980809145527.30908A-100000@bragg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <Pine.OSF.3.90.980809145527.30908A-100000@bragg>; from Kris Kennaway on Sun, Aug 09, 1998 at 03:03:59PM +0930
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Aug 09, 1998 at 03:03:59PM +0930, Kris Kennaway wrote:
> Is there any way I can set things up to log the contents of the packets
> which fail the ipfw filter?

By using a divert socket instead of a deny rule, probably.  You might need
some extra skipto rules to be able to make this work.

> Can anyone think of legitimate reasons these sites might want to know my
> identity or information about my DNS, other than trying to harvest
> addresses for spammers?

For the DNS, I can see the wish to log with verified DNS - it is used to
check against anybody that might attempt to attack their computer, and
showing a spoofed/changed DNS can be fairly helpful.

I can see no reason for identd.  Use whois to find out who the guy that own
the web-site is, and call him on the phone and ask.

Eivind.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message