Date:      Sat, 11 Dec 2004 09:51:28 +0200
From:      Vasil Dimov <vd@datamax.bg>
To:        freebsd-security@freebsd.org
Subject:   need some advice on connections logs
Message-ID:  <20041211075128.GA35474@sinanica.bg.datamax>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hello-
> 
> What is the best way to deal with getting logs for someone attacking my
> box?  I am not really sure, but I think it may involve tcpdump.  Is
> there any way to implement this so that it can be running before an
> attack happens?.....see the problem is, that I do not have physical
> access to the box and if it is taken down (inaccessible by remote means),
> I cannot log in to start a dump.  What can I do in this case, or what
> are my options, if I want to have the network connections dumped somehow
> with no intervention?....is that a tall order?
> 
> Thanks,
> Bob

See
ipfw(8)
and/or
ipf(8), ipf(5)
and/or
pfctl(8), pf.conf(5), pflogd(8) (5.x only)

Especially the log options for those facilities.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBuqcAFw6SP/bBpCARAnzZAJ4/FY9eDIbUIl8ZqCOXiXwSsyD/NACeMvUV
YteM4eFE6q/7msvgCbJlk8k=
=6uzJ
-----END PGP SIGNATURE-----
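The pf branch of the advice above (pfctl(8), pf.conf(5), pflogd(8)), worked through as an added example that is not code from the thread or from FreeBSD itself. It puts a weak ruleset, where only the ssh rule is logged, next to one that logs every filtering rule, shows the rc.conf lines that start pf and pflogd at boot so the capture exists before anyone can log in, and adds a small audit that reports rules which would match silently. The interface name fxp0, the sample rulesets and the rc.conf fragment are constructed for illustration; the paths /etc/pf.conf, /etc/rc.conf and /var/log/pflog are the FreeBSD defaults. ipfw and ipf have their own `log` keyword and syslog-based logging, which this script does not cover.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes pf on FreeBSD 5.x with pflogd,
# the default paths /etc/pf.conf, /etc/rc.conf and /var/log/pflog, and the interface
# name fxp0 (all assumptions for illustration).

# Ruleset constructed for this example. Only the ssh rule carries "log", so a scan or a
# flood that hits the block rule leaves nothing on disk.
WEAK_RULESET='ext_if="fxp0"
set skip on lo0
block in on $ext_if all
pass in log on $ext_if proto tcp to ($ext_if) port ssh keep state
pass out on $ext_if all keep state'

# The same ruleset with "log" on every filtering rule: pflogd(8) writes each matching
# packet to /var/log/pflog from boot on, with nobody logged in.
LOGGED_RULESET='ext_if="fxp0"
set skip on lo0
block in log on $ext_if all
pass in log on $ext_if proto tcp to ($ext_if) port ssh keep state
pass out log on $ext_if all keep state'

# rc.conf settings that start pf and pflogd at boot, so logging is in place before an attack.
RC_CONF_LINES='pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"'

# unlogged_rules: read a ruleset on stdin and print every block/pass rule with no "log"
# keyword. Macros, "set" options and comments are skipped; "log" is matched as a whole
# word so a macro such as $log_if is not mistaken for the keyword.
unlogged_rules() {
    grep -E '^[[:space:]]*(block|pass)([[:space:]]|$)' | grep -vw 'log' || true
}

# count_unlogged RULESET: number of filtering rules in RULESET that would match silently.
count_unlogged() {
    printf '%s\n' "$1" | unlogged_rules | grep -c . || true
}

# pflog_enabled RC_TEXT: succeed only if RC_TEXT starts both pf and pflogd at boot.
pflog_enabled() {
    printf '%s\n' "$1" | grep -q '^pf_enable="YES"' &&
    printf '%s\n' "$1" | grep -q '^pflog_enable="YES"'
}

# Audit both rulesets and the rc.conf fragment.
printf 'weak ruleset: %s rule(s) without log\n' "$(count_unlogged "$WEAK_RULESET")"
printf '%s\n' "$WEAK_RULESET" | unlogged_rules | sed 's/^/  /'
printf 'logged ruleset: %s rule(s) without log\n' "$(count_unlogged "$LOGGED_RULESET")"
if pflog_enabled "$RC_CONF_LINES"; then
    echo 'rc.conf: pf and pflogd start at boot'
fi

# Once pflogd is running, the capture is read with tcpdump(1), from the file or live:
#   tcpdump -n -e -ttt -r /var/log/pflog
#   tcpdump -n -e -ttt -i pflog0
```

The audit is a plain-text check, not a pf parser: it flags any `block` or `pass` line without a `log` token, which is enough to catch the common case of a ruleset that logs only what the admin expected to see. Logging every `pass` rule on a busy host fills /var/log/pflog quickly, so in practice the `log` keyword usually goes on `block` rules and on the handful of `pass` rules that matter, and the file is rotated with newsyslog.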

