Date: Mon, 28 Feb 2000 17:46:19 -0600
From: Dave McKay <dave@mu.org>
To: Lev Serebryakov <lev@imc.macro.ru>
Cc: All <freebsd-security@FreeBSD.ORG>
Subject: Re: ipfw log accounting
Message-ID: <20000228174619.A71978@elvis.mu.org>
In-Reply-To: <1774.000229@imc.macro.ru>
References: <1774.000229@imc.macro.ru>
Lev Serebryakov (lev@imc.macro.ru) wrote:
> Hi, All!
>
> Are there some tools to analyze the output of a "deny log ip from any to
> any" ipfw rule and find dangerous activity, like portscans and others?
> I want to analyze the log every hour, and reset the log counters after it.
> I don't want to receive messages about every single dropped packet.
>
> And one more question:
> How could I write a rule which skips all broadcast traffic? My
> computer is on a big provider's net, and there is more than one
> broadcast address (many subnets on one wire)...
>

A tool such as you are asking for would be easily written in perl. Just have your ipfw log to a file through syslogd or ipfw itself. Then write a tool to check and analyse the data and send you mail on it every hour.

--
Dave McKay
Network Engineer - Google Inc.
dave@mu.org - dave@google.com
I'm feeling lucky...

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCVAwUBOLsIy3Y8vP7IQ1TlAQHGIwQArBTO9mlUSy2vb65l5oHflctgwnij7cU9
Zj5lmqelBuFJ9i5sTJuIUz91+eqZgqc1j6lzNQJlVpfVGlcxXxUQSW3h2PDtzIgr
l8KyvqEHt+9kgeb+6V+54FiI88a+SCnmhfLvdDPtphgpreIWbtrQWFedK7uYiJUP
BnWgvFMBb+c=
=K3vJ
-----END PGP SIGNATURE-----
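The hourly log-checking tool Dave describes, sketched here as an added example that is not part of the original thread (he suggests perl; this version is Python so the same parse-count-report logic is easy to read). It assumes the FreeBSD 4-era ipfw syslog line shape `ipfw: <rule> Deny <proto> <src>[:<sport>] <dst>[:<dport>] in|out via <iface>`; the log lines in `SAMPLE_LOG` are constructed for this example, as is the port-scan heuristic (one source denied on at least N distinct destination ports within the hour). Nothing here addresses Lev's second question about broadcast traffic.

```python
import re
from collections import defaultdict

# Line shape assumed for ipfw syslog output (FreeBSD 4-era "Deny" lines); the
# sample lines below are constructed for this example, not taken from a real log.
IPFW_LINE = re.compile(
    r"ipfw:\s+(?P<rule>\d+)\s+(?P<action>\w+)\s+(?P<proto>[\w:.]+)\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<iface>\S+)"
)

# Constructed sample: one source probing six ports, one noisy NetBIOS source,
# one ICMP echo, and one unrelated sshd line that the parser must skip.
SAMPLE_LOG = """\
Feb 28 17:01:02 elvis /kernel: ipfw: 65000 Deny TCP 203.0.113.7:40001 192.0.2.10:21 in via fxp0
Feb 28 17:01:02 elvis /kernel: ipfw: 65000 Deny TCP 203.0.113.7:40002 192.0.2.10:22 in via fxp0
Feb 28 17:01:02 elvis /kernel: ipfw: 65000 Deny TCP 203.0.113.7:40003 192.0.2.10:23 in via fxp0
Feb 28 17:01:03 elvis /kernel: ipfw: 65000 Deny TCP 203.0.113.7:40004 192.0.2.10:25 in via fxp0
Feb 28 17:01:03 elvis /kernel: ipfw: 65000 Deny TCP 203.0.113.7:40005 192.0.2.10:80 in via fxp0
Feb 28 17:01:03 elvis /kernel: ipfw: 65000 Deny TCP 203.0.113.7:40006 192.0.2.10:110 in via fxp0
Feb 28 17:12:44 elvis /kernel: ipfw: 65000 Deny UDP 198.51.100.4:137 192.0.2.10:137 in via fxp0
Feb 28 17:12:45 elvis /kernel: ipfw: 65000 Deny UDP 198.51.100.4:137 192.0.2.10:137 in via fxp0
Feb 28 17:30:00 elvis /kernel: ipfw: 65000 Deny ICMP:8.0 198.51.100.9 192.0.2.10 in via fxp0
Feb 28 17:30:01 elvis sshd[123]: Accepted publickey for dave from 192.0.2.5
"""


def parse_line(line):
    """Return a dict for one ipfw log line, or None for lines that are not ipfw output."""
    m = IPFW_LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["sport"] = int(rec["sport"]) if rec["sport"] else None
    rec["dport"] = int(rec["dport"]) if rec["dport"] else None
    return rec


def parse_log(text):
    """Parse every line of the hour's log, silently skipping non-ipfw lines."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def drops_per_source(records):
    """Count denied packets by source address (the hourly 'accounting' view)."""
    counts = defaultdict(int)
    for r in records:
        if r["action"] == "Deny":
            counts[r["src"]] += 1
    return dict(counts)


def find_portscans(records, min_ports=5):
    """Flag sources denied on at least min_ports distinct TCP/UDP destination ports.
    A simple horizontal-scan heuristic; tune the threshold to your own traffic."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "Deny" and r["dport"] is not None:
            ports[r["src"]].add(r["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def hourly_report(text, min_ports=5):
    """Build the text body of the hourly mail: per-source drop totals, then suspected scans."""
    records = parse_log(text)
    lines = ["ipfw denied packets by source:"]
    for src, n in sorted(drops_per_source(records).items(), key=lambda kv: -kv[1]):
        lines.append(f"  {src:<16} {n}")
    scans = find_portscans(records, min_ports)
    lines.append("suspected port scans:" if scans else "suspected port scans: none")
    for src, p in scans.items():
        lines.append(f"  {src} -> {len(p)} ports: {', '.join(map(str, p))}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Under cron, this would read the log file rotated since the last run and
    # pipe the report to mail(1) instead of printing it.
    print(hourly_report(SAMPLE_LOG))
```

Rotating the log hourly (rather than re-reading a growing file) gives the "reset counters after each run" behaviour Lev asks for, and keeping the parser tolerant of non-ipfw lines matters because syslogd typically mixes kernel messages into the same file.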
