From owner-freebsd-hackers  Thu Sep  4 05:54:59 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id FAA25615
          for hackers-outgoing; Thu, 4 Sep 1997 05:54:59 -0700 (PDT)
Received: from paranoid.convey.ru (ws03.convey.ru [195.182.128.18])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id FAA25609;
          Thu, 4 Sep 1997 05:54:49 -0700 (PDT)
Received: (from ark@localhost) by paranoid.convey.ru (8.7.5/8.7.3) id PAA00746; Thu, 4 Sep 1997 15:58:07 +0400
From: ArkanoiD <ark@paranoid.convey.ru>
Message-Id: <199709041158.PAA00746@paranoid.convey.ru>
Subject: Re: log connection attempts?
To: pdongre@opentech.stpn.soft.net
Date: Thu, 4 Sep 1997 15:58:07 +0400 (MSD)
Cc: firewalls@greatcircle.com, freebsd-security@FreeBSD.ORG,
        freebsd-hackers@FreeBSD.ORG
In-Reply-To: <340EE174.C45D396F@opentech.stpn.soft.net> from "Prashant Dongre" at Sep 4, 97 11:27:33 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

nuqneH,

> 
> ArkanoiD wrote:
> 
> > nuqneH,
> >
> > Did anyone try to patch the kernel to log connection attempts for ports
> > (tcp and maybe udp) where no program accepts connection? (2.1.7)
> >
> > I _know_ i can do nearly the same with IP filtering/logging but i
> > prefer another way..
> >
> > --
> >                                        _     _  _  _  _      _  _
> >    {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
> >    (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
> >
> >    [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
> 
>   Have you configured kernel for IPFW (IP Firewall) ?.
> 
> IPFW does log connection attempts for the ports which are blocked for a network.
> 
> Messages get into /var/log/messages and also displayed on the console.
> 
> Prashant
> 
No , (btw i use IPFilter,not ipfw), do not want to log blocked packets/
create additional filtering rules etc. As i said i do know how to do that.
I just do not want to. I want to log connection attempts without that.

-- 
                                       _     _  _  _  _      _  _
   {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
   (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
   [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!