Date:      Tue, 29 Feb 2000 01:46:53 +0300
From:      Lev Serebryakov <lev@imc.macro.ru>
To:        All <freebsd-security@FreeBSD.org>
Subject:   ipfw log accounting
Message-ID:  <1774.000229@imc.macro.ru>

Hi, All!

  Are there any tools to analyze the output of a "deny log ip from any to
  any" ipfw rule and find dangerous activity, like portscans and others?
  I want to analyze the log every hour, and reset the log counters after it.
  I don't want to receive messages about every single dropped packet.

  And one more question:
  How could I write a rule which skips all broadcast traffic? My
  computer is on a big provider's net, and there is more than one
  broadcast address here (many subnets on one wire)...

               Lev Serebryakov, 2:5030/661.0
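
An added example, not part of the original message: one way to produce the hourly summary asked about above, reporting only sources that were denied on many distinct destination ports rather than every dropped packet. The log line layout, the threshold of 10 ports and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout of a logged deny (check against your own /var/log/security):
#   <time> <host> /kernel: ipfw: <rule> Deny <PROTO> <src>:<sport> <dst>:<dport> in via <if>
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) in via (?P<iface>\S+)"
)

def summarize(lines, port_threshold=10):
    """Flag (src, dst) pairs denied on >= port_threshold distinct ports."""
    ports = defaultdict(set)    # (src, dst) -> {(proto, dport), ...}
    packets = defaultdict(int)  # (src, dst) -> denied packet count
    parsed = skipped = 0
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:           # other kernel messages, ICMP, truncated lines
            skipped += 1
            continue
        parsed += 1
        key = (m["src"], m["dst"])
        ports[key].add((m["proto"], int(m["dport"])))
        packets[key] += 1
    suspects = [
        {"src": s, "dst": d, "distinct_ports": len(p), "packets": packets[(s, d)]}
        for (s, d), p in ports.items() if len(p) >= port_threshold
    ]
    suspects.sort(key=lambda r: r["distinct_ports"], reverse=True)
    return suspects, parsed, skipped

def sample_log():
    """Constructed sample: one sweep, one noisy single-port sender, one other line."""
    head = "Feb 29 01:{:02d}:00 gw /kernel: ipfw: 65000 Deny "
    scan = [head.format(i) + f"TCP 203.0.113.7:{40000 + i} 192.0.2.10:{20 + i} in via ed0"
            for i in range(25)]
    noise = [head.format(i) + "UDP 198.51.100.5:137 192.0.2.255:137 in via ed0"
             for i in range(40)]
    return scan + noise + ["Feb 29 01:05:00 gw /kernel: ed0: device timeout"]

if __name__ == "__main__":
    suspects, parsed, skipped = summarize(sample_log())
    print(f"{parsed} denied packets parsed, {skipped} lines skipped")
    for r in suspects:
        print(f"possible portscan: {r['src']} -> {r['dst']} "
              f"({r['distinct_ports']} ports, {r['packets']} packets)")
```

Counting distinct ports rather than packets keeps a single chatty sender (the 40 repeated UDP/137 lines in the sample) out of the report while the 25-port sweep is flagged.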



