From owner-freebsd-security  Wed Sep  3 05:22:50 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id FAA08707
          for security-outgoing; Wed, 3 Sep 1997 05:22:50 -0700 (PDT)
Received: from cicero.cybercity.dk (cicero.cybercity.dk [195.8.128.13])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id FAA08682;
          Wed, 3 Sep 1997 05:22:43 -0700 (PDT)
Received: from schizo.dk.tfs.com (mail.trw.dk [195.8.133.123])
	by cicero.cybercity.dk (8.8.5/8.8.5) with ESMTP id OAA18648;
	Wed, 3 Sep 1997 14:16:49 +0200 (CEST)
Received: from critter.freebsd.dk (critter.dk.tfs.com [140.145.230.252]) by schizo.dk.tfs.com (8.8.5/8.7.3) with ESMTP id LAA13138; Wed, 3 Sep 1997 11:52:55 +0200 (MET DST)
Received: from critter.freebsd.dk (localhost.dk.tfs.com [127.0.0.1])
	by critter.freebsd.dk (8.8.7/8.8.7) with ESMTP id LAA04928;
	Wed, 3 Sep 1997 11:52:29 +0200 (CEST)
To: ArkanoiD <ark@paranoid.convey.ru>
cc: firewalls@greatcircle.com, freebsd-security@freebsd.org,
        freebsd-hackers@freebsd.org
Subject: Re: log connection attempts? 
In-reply-to: Your message of "Wed, 03 Sep 0136 12:40:07 +0400."
             <203609030840.MAA14571@paranoid.convey.ru> 
Date: Wed, 03 Sep 1997 11:52:29 +0200
Message-ID: <4926.873280349@critter.freebsd.dk>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <203609030840.MAA14571@paranoid.convey.ru>, ArkanoiD writes:
>nuqneH,
>
>Did anyone try to patch the kernel to log connection attempts for ports
>(tcp and maybe udp) where no program accepts connection? (2.1.7)

Set these two sysctl variables to non-zero:
	net.inet.tcp.log_in_vain: 0
	net.inet.udp.log_in_vain: 0


--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."