Date:      Wed, 3 Mar 2004 09:27:58 -0600
From:      Nathan Kinkade <nkinkade@ub.edu.bz>
To:        Francisco Reyes <lists@natserv.com>
Cc:        FreeBSD Security List <freebsd-security@freebsd.org>
Subject:   Re: How to monitoring activity on a card?
Message-ID:  <20040303152758.GW13775@nkinkade.bmp.ub>
In-Reply-To: <20040303094647.J93367@zoraida.natserv.net>
References:  <20040303094647.J93367@zoraida.natserv.net>


On Wed, Mar 03, 2004 at 09:51:15AM +0000, Francisco Reyes wrote:
> My setup 4.9 stable with IPFW. Machine acts as gateway for two machines.
>
> What are my options on monitoring activity on my external card?
>
> This morning I noticed my DSL modem activity light is blinking non-stop.
> Looking at /var/log/ don't see anything suspicious.
>
> I feel tempted to add "log" to all my ipfw pass rules, but wonder if there
> isn't a better way.
>
> I am mostly concerned there is either some kind of attack going on or
> somehow the machine was hacked and it's running something it's not
> supposed to.

There are a lot of utilities in the ports collection that will allow you
to monitor your network activity.  One small and useful one is at
net/trafshow.  It's not fancy, but it is curses-based and will give you
a quick idea of what is going on.  Other considerations might be ntop or
ethereal.

Nathan
-- 
gpg --keyserver pgp.mit.edu --recv-keys D8527E49
