From owner-freebsd-security Mon Feb 28 14:46:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from relay.wplus.net (relay.wplus.net [195.131.52.179]) by hub.freebsd.org (Postfix) with ESMTP id BE54137B990 for ; Mon, 28 Feb 2000 14:46:31 -0800 (PST) (envelope-from lev@imc.macro.ru)
Received: from kernigan.wplus.net (kernigan.wplus.net [195.131.52.178]) by relay.wplus.net (8.9.1/8.9.1/wplus.2) with ESMTP id BAA25514 for ; Tue, 29 Feb 2000 01:45:34 +0300 (MSK)
X-Real-To:
Received: from lev.sereb.net (ip50-40.dialup.wplus.net [195.131.50.40]) by kernigan.wplus.net (8.9.1/8.9.1/wplus.2) with ESMTP id BAA09649 for ; Tue, 29 Feb 2000 01:45:37 +0300 (GMT+0300)
Date: Tue, 29 Feb 2000 01:46:53 +0300
From: Lev Serebryakov
X-Mailer: The Bat! (v1.36) S/N F29DEE5D / Educational
X-Priority: 3 (Normal)
Message-ID: <1774.000229@imc.macro.ru>
To: All
Subject: ipfw log accounting
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi, All!

Are there any tools to analyze the output of a "deny log ip from any to any" ipfw rule and find dangerous activity, like portscans and others? I want to analyze the log every hour, and reset the log counters after that. I don't want to receive messages about every single dropped packet.

And one more question: how could I write a rule which skips all broadcast traffic? My computer is on a big provider's net, and there is more than one broadcast address here (many subnets on one wire)...

Lev Serebryakov, 2:5030/661.0

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
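An added example (not from the original post) of the hourly log analysis asked about above: a small Python script that parses the syslog lines the FreeBSD kernel writes for a "deny log" ipfw rule and reports each source that probed many distinct destination ports, one summary line per source rather than one message per dropped packet. The exact log format, the hostname "gw", the interface and all addresses are assumptions or constructed sample data.

```python
import re
from collections import defaultdict

# Assumed syslog format of an ipfw log line for TCP/UDP packets, e.g.
#   "Feb 29 01:46:53 gw /kernel: ipfw: 100 Deny TCP 10.1.2.3:4321 192.168.0.5:22 in via fxp0"
# ICMP and other protocols are logged without ports and are skipped here.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<direction>in|out) via (?P<iface>\S+)"
)

def parse_ipfw_line(line):
    """Return the fields of a TCP/UDP ipfw log line as a dict, or None."""
    m = IPFW_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def find_portscans(lines, min_ports=5):
    """Report sources whose denied packets touched at least min_ports
    distinct destination ports: one entry per source for the whole
    batch of log lines (e.g. one hour), not one per dropped packet."""
    ports_by_src = defaultdict(set)
    for line in lines:
        rec = parse_ipfw_line(line)
        if rec and rec["action"] == "Deny":
            ports_by_src[rec["src"]].add(rec["dport"])
    return {src: sorted(ports)
            for src, ports in ports_by_src.items() if len(ports) >= min_ports}

# Constructed sample log lines (not real traffic): one host sweeping
# six ports, one host retrying a single port, and an ICMP line.
SAMPLE_LOG = [
    "Feb 29 01:46:%02d gw /kernel: ipfw: 100 Deny TCP 10.1.2.3:%d 192.168.0.5:%d in via fxp0"
    % (i, 40000 + i, port) for i, port in enumerate((21, 22, 23, 25, 80, 110))
] + [
    "Feb 29 01:47:01 gw /kernel: ipfw: 100 Deny TCP 10.9.9.9:5555 192.168.0.5:80 in via fxp0",
    "Feb 29 01:47:02 gw /kernel: ipfw: 100 Deny TCP 10.9.9.9:5556 192.168.0.5:80 in via fxp0",
    "Feb 29 01:47:03 gw /kernel: ipfw: 100 Deny ICMP:8.0 10.9.9.9 192.168.0.5 in via fxp0",
]

if __name__ == "__main__":
    for src, ports in find_portscans(SAMPLE_LOG).items():
        print("%s probed %d ports: %s" % (src, len(ports), ports))
```

Run it from cron once an hour over the lines logged since the previous run to get the summary without the per-packet noise.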