From owner-freebsd-security Thu Sep 4 00:41:07 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id AAA13149 for security-outgoing; Thu, 4 Sep 1997 00:41:07 -0700 (PDT) Received: from central.webforum.de (uucp@central.webforum.de [193.141.169.166]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id AAA13136 for ; Thu, 4 Sep 1997 00:41:01 -0700 (PDT) Received: (from uucp@localhost) by central.webforum.de (8.7.6/8.7.6-webforum) id JAA26278; Thu, 4 Sep 1997 09:40:02 +0100 Received: from localhost (klaus@localhost) by gaston.m.isar.de (8.7.6/8.7.6-webforum) with SMTP id JAA27332; Thu, 4 Sep 1997 09:38:10 +0100 Date: Thu, 4 Sep 1997 09:38:10 +0100 (WET DST) From: Klaus Lichtenwalder To: Prashant Dongre cc: ArkanoiD , firewalls@GreatCircle.COM, freebsd-security@FreeBSD.ORG Subject: Re: log connection attempts? In-Reply-To: <340EE174.C45D396F@opentech.stpn.soft.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Thu, 4 Sep 1997, Prashant Dongre wrote: > ArkanoiD wrote: > > nuqneH, > > > > Did anyone try to patch the kernel to log connection attempts for ports > > (tcp and maybe udp) where no program accepts connection? (2.1.7) > > > > I _know_ i can do nearly the same with IP filtering/logging but i > > prefer another way.. > > > [...] > Have you configured kernel for IPFW (IP Firewall) ?. > > IPFW does log connection attempts for the ports which are blocked for a network. > > Messages get into /var/log/messages and also displayed on the console. > > Prashant > There's a patch for linux out that logs connection attempts to unserved ports. Might be worth a look if somebody tries to port sth like this to different os'. Klaus -- Klaus Lichtenwalder, Dipl. Inform., PGP Key: email to key@Four11.com Lichtenwalder@ACM.org http://www.wp.com/Klaus K.Lichtenwalder@Computer.org fax: +49-89-91072699 No wonder nobody comes here--it's too crowded. -Yogi Berra