Date:      Thu, 9 Nov 2000 14:30:21 -0600 (CST)
From:      Mike Meyer <mwm@mired.org>
To:        Phil C <mongo@elephantitis.org>
Cc:        questions@freebsd.org
Subject:   Re: ipfw/database/logging development
Message-ID:  <14859.2397.192248.844800@guru.mired.org>
In-Reply-To: <50311409@toto.iv>

Phil C <mongo@elephantitis.org> types:
> I wanted to initially write a perl script to monitor /var/log/security for
> user-defined ongoings of ipfw. I was then going to use this data in a
> database, which would expire entries after a defined amount of time. The
> database (using MLDBM) could keep track of each ip which, for example, was
> blocked, the port(s) they tried to connect from/to and when... Monitoring scans,
> both immediate and those gradually building over time, would be simplified
> greatly... (on a cable network I find myself under a regular barrage of
> various intrusion attempts etc. ranging from doze-based attempts, like sub7
> scans, to scans of ftp ssh portmap etc... ...)
> 
> What I am looking for here... is someone to either tell me I am reinventing
> the wheel... a place for good ipfw docs (I am already sub'ed to freebsd-ipfw,
> just in case)... or perhaps a better design method... if you feel there is one.

I'm not exactly sure what you're trying to do, but you didn't name any
of the tools I've heard of that do real-time port watching. I'm not a
security guru, but a trip through /usr/ports/security might be worth
your while.

	<mike
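As an added example (not code from this thread, and written in Python rather than the Perl the original poster planned), here is the skeleton of the monitor Phil describes: parse ipfw Deny lines from /var/log/security, keep a per-source record of destination ports that ages out after a window, and flag sources that touch several distinct ports, which covers both a fast scan and one that builds up slowly. The ipfw log line shape, the constructed sample lines, and the year supplied for the year-less syslog timestamps are all assumptions.

```python
import re
import time
from collections import defaultdict

# Assumed shape of an ipfw kernel log line in /var/log/security, e.g.
# "Nov  9 14:00:01 guru /kernel: ipfw: 300 Deny TCP 192.0.2.10:4321 198.51.100.5:21 in via fxp0"
IPFW_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ /kernel: ipfw: (?P<rule>\d+) "
    r"(?P<action>\w+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<dir>in|out) via (?P<iface>\S+)")

# Constructed sample log (not real traffic): one source probing three ports,
# one single-port probe, one accepted connection, one unrelated line.
SAMPLE_LOG = """\
Nov  9 14:00:01 guru /kernel: ipfw: 300 Deny TCP 192.0.2.10:4321 198.51.100.5:21 in via fxp0
Nov  9 14:00:05 guru /kernel: ipfw: 300 Deny TCP 192.0.2.10:4322 198.51.100.5:22 in via fxp0
Nov  9 14:00:09 guru /kernel: ipfw: 300 Deny TCP 192.0.2.10:4323 198.51.100.5:111 in via fxp0
Nov  9 14:05:00 guru /kernel: ipfw: 300 Deny TCP 203.0.113.7:1025 198.51.100.5:27374 in via fxp0
Nov  9 14:30:21 guru /kernel: ipfw: 100 Accept TCP 198.51.100.9:53122 198.51.100.5:22 in via fxp0
Nov  9 14:30:22 guru sshd[123]: unrelated line that the parser must skip
"""
def parse_line(line, year=2000):
    m = IPFW_RE.match(line)                    # None for anything that is not ipfw
    if not m:
        return None
    rec = m.groupdict()
    # Syslog stamps carry no year, so the caller supplies one (assumption).
    rec["epoch"] = time.mktime(time.strptime("%d %s" % (year, rec["ts"]), "%Y %b %d %H:%M:%S"))
    return rec
class BlockTracker:
    def __init__(self, window):
        self.window = window                   # seconds an event stays on record
        self.events = defaultdict(list)        # src ip -> [(epoch, dport, proto)]
    def add(self, rec):
        if rec["action"] == "Deny":            # only blocked traffic is tracked
            self.events[rec["src"]].append((rec["epoch"], int(rec["dport"]), rec["proto"]))
    def expire(self, now):                     # drop events older than the window, then empty sources
        live = {ip: [e for e in ev if now - e[0] <= self.window] for ip, ev in self.events.items()}
        self.events = defaultdict(list, {ip: ev for ip, ev in live.items() if ev})
    def ports(self, ip):
        return sorted({dport for _, dport, _ in self.events.get(ip, [])})
    def scanners(self, min_ports=3):           # sources hitting min_ports+ distinct ports in the window
        return sorted(ip for ip in self.events if len(self.ports(ip)) >= min_ports)
def analyze(log_text, window=3600):
    tracker, latest = BlockTracker(window), 0
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        tracker.add(rec)
        latest = max(latest, rec["epoch"])
    tracker.expire(latest)                     # age relative to the newest log line
    return tracker
```

A persistent version would replace the in-memory dict with the MLDBM-style store Phil mentions and call expire on each pass over new log lines.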

