Date: Mon, 28 Feb 2000 17:46:19 -0600
From: Dave McKay <dave@mu.org>
To: Lev Serebryakov <lev@imc.macro.ru>
Cc: All <freebsd-security@FreeBSD.ORG>
Subject: Re: ipfw log accounting
Message-ID: <20000228174619.A71978@elvis.mu.org>
In-Reply-To: <1774.000229@imc.macro.ru>
References: <1774.000229@imc.macro.ru>
Lev Serebryakov (lev@imc.macro.ru) wrote:
> Hi, All!
>
> Are there some tools to analyze the output of a "deny log ip from any to
> any" ipfw rule and find dangerous activity, like portscans and other?
> I want to analyze the log every hour, and reset the log counters after it.
> I don't want to receive messages about every single dropped packet.
>
> And one more question:
> How could I write a rule which skips all broadcast traffic? My
> computer is on a big provider's net, and here there is more than one
> broadcast address (many subnets on one wire)...
>

A tool such as the one you are asking for would be easy to write in perl. Just have
your ipfw log to a file through syslogd or ipfw itself. Then write a tool to check
and analyse the data and send you mail on it every hour.

--
Dave McKay
Network Engineer - Google Inc.
dave@mu.org - dave@google.com
I'm feeling lucky...
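As an added illustration of the hourly analysis tool suggested above (example code written for this archive, not the poster's own and written in Python rather than perl), this parses the ipfw "Deny" lines syslogd writes and flags a source address that was denied on many distinct destination ports within the log window. The log lines and addresses are constructed samples; the rule number and interface name are placeholders.

```python
import re
from collections import defaultdict

# Matches the ipfw part of a syslogd line for a TCP/UDP packet hit by a
# "deny log" rule, e.g. "ipfw: 65000 Deny TCP 10.0.0.99:4321 192.0.2.10:22 in via fxp0".
# ICMP entries carry no ports ("ICMP:8.0 src dst") and are deliberately skipped.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<direction>in|out) via (?P<iface>\S+)"
)

def parse_ipfw_line(line):
    """Return the fields of one ipfw log line as a dict, or None if it is
    not a TCP/UDP ipfw entry."""
    m = IPFW_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def find_portscans(lines, min_ports=5):
    """Return {source_ip: sorted denied destination ports} for every source
    that was denied on at least min_ports distinct ports in the window."""
    ports_by_src = defaultdict(set)
    for line in lines:
        rec = parse_ipfw_line(line)
        if rec is not None and rec["action"] == "Deny":
            ports_by_src[rec["src"]].add(rec["dport"])
    return {src: sorted(ports) for src, ports in ports_by_src.items()
            if len(ports) >= min_ports}

# Constructed sample log lines (not from a real system); addresses are
# placeholders from the 10.0.0.0/8 and 192.0.2.0/24 ranges.
SAMPLE_LOG = [
    "Feb 28 17:01:02 gw /kernel: ipfw: 65000 Deny TCP 10.0.0.99:4321 192.0.2.10:21 in via fxp0",
    "Feb 28 17:01:02 gw /kernel: ipfw: 65000 Deny TCP 10.0.0.99:4322 192.0.2.10:22 in via fxp0",
    "Feb 28 17:01:03 gw /kernel: ipfw: 65000 Deny TCP 10.0.0.99:4323 192.0.2.10:23 in via fxp0",
    "Feb 28 17:01:03 gw /kernel: ipfw: 65000 Deny TCP 10.0.0.99:4324 192.0.2.10:25 in via fxp0",
    "Feb 28 17:01:04 gw /kernel: ipfw: 65000 Deny TCP 10.0.0.99:4325 192.0.2.10:80 in via fxp0",
    "Feb 28 17:15:40 gw /kernel: ipfw: 65000 Deny TCP 10.0.0.5:1025 192.0.2.10:22 in via fxp0",
    "Feb 28 17:15:41 gw /kernel: ipfw: 65000 Deny UDP 10.0.0.5:1026 192.0.2.10:53 in via fxp0",
    "Feb 28 17:20:00 gw /kernel: ipfw: 65000 Deny ICMP:8.0 10.0.0.7 192.0.2.10 in via fxp0",
]
```

Run it from cron once an hour over the last hour of the ipfw log file and pipe the result of find_portscans into mail; the threshold min_ports is the knob that keeps single dropped packets from generating a message.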