From: Darren Reed
Subject: Re: Capturing IPFW denied packets
To: kkennawa@physics.adelaide.edu.au (Kris Kennaway)
Cc: security@FreeBSD.ORG
Date: Sun, 16 Aug 1998 14:20:03 +1000 (EST)
Message-Id: <199808160420.VAA28267@hub.freebsd.org>
In-Reply-To: from "Kris Kennaway" at Aug 9, 98 03:03:59 pm

In some mail from Kris Kennaway, sie said:
[...]
> Is there any way I can set things up to log the contents of the packets
> which fail the ipfw filter? Can anyone think of legitimate reasons these
> sites might want to know my identity or information about my DNS, other
> than trying to harvest addresses for spammers?

ipfilter, which will run on FreeBSD, can do the above. Using ordinary rules,
up to 128* data bytes from a packet will be logged, or the blocked packet can
be sent to another IP# (fake or real).

e.g.

block in log body proto udp from any to any port = 53

Darren

* - this could be increased if you really wanted...
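Once a rule like the one above has logged the start of a blocked packet to port 53, the bytes can be decoded to see who sent it and what name was being asked about. The following is an added example, not part of the original message and not ipfilter code: it assumes the logged data has already been turned into raw bytes beginning at the IPv4 header, `decode_dns_query` and `sample_packet` are hypothetical names, and the packet is constructed. Because only a limited number of bytes is logged, a capture that ends in the middle of the question is reported as truncated.

```python
import socket
import struct

QTYPES = {1: "A", 2: "NS", 12: "PTR", 15: "MX", 16: "TXT", 255: "ANY"}

def decode_dns_query(raw: bytes) -> dict:
    """Decode IPv4/UDP/DNS question fields from a possibly truncated capture."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    if raw[9] != 17:
        raise ValueError("not UDP")
    if len(raw) < ihl + 8 + 12:
        raise ValueError("capture ends before the DNS header is complete")
    info = {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20])}
    info["sport"], info["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    dns = raw[ihl + 8:]
    ident, flags, qdcount = struct.unpack("!HHH", dns[:6])
    info["id"], info["is_query"] = ident, not flags & 0x8000
    labels, pos, complete = [], 12, False
    # Walk the length-prefixed labels of the first question only.
    while qdcount and pos < len(dns):
        n = dns[pos]
        if n == 0:
            complete, pos = True, pos + 1
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    info["qname"] = ".".join(labels)
    info["qtype"] = None
    if complete and pos + 2 <= len(dns):
        qtype = struct.unpack("!H", dns[pos:pos + 2])[0]
        info["qtype"] = QTYPES.get(qtype, str(qtype))
    # True when the logged bytes ran out before the question was fully read.
    info["truncated"] = bool(qdcount) and info["qtype"] is None
    return info

def sample_packet() -> bytes:
    """Constructed sample (not real traffic): a PTR query to UDP port 53."""
    name = b"".join(bytes([len(p)]) + p for p in b"10.2.0.192.in-addr.arpa".split(b"."))
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + name + b"\x00" + struct.pack("!HH", 12, 1)
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(dns), 0, 0, 64, 17, 0,
                     socket.inet_aton("203.0.113.7"), socket.inet_aton("192.0.2.10"))
    return ip + udp + dns

if __name__ == "__main__":
    print(decode_dns_query(sample_packet()))
    print(decode_dns_query(sample_packet()[:50]))  # capture cut off mid-name
```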