From owner-freebsd-security Thu Sep 23 8:12:25 1999
Delivered-To: freebsd-security@freebsd.org
Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.240.222]) by hub.freebsd.org (Postfix) with ESMTP id 2E78B15EF0; Thu, 23 Sep 1999 08:12:20 -0700 (PDT) (envelope-from mph@wopr.caltech.edu)
Received: (from mph@localhost) by wopr.caltech.edu (8.9.3/8.9.1) id IAA00915; Thu, 23 Sep 1999 08:11:53 -0700 (PDT) (envelope-from mph)
Date: Thu, 23 Sep 1999 08:11:53 -0700
From: Matthew Hunt
To: Chris Shenton
Cc: freebsd-net@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Inetd -l: log *all* connection attempts (not just valid svcs)
Message-ID: <19990923081153.B668@wopr.caltech.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: ; from Chris Shenton on Thu, Sep 23, 1999 at 11:03:59AM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Sep 23, 1999 at 11:03:59AM -0400, Chris Shenton wrote:

> I'd like a way to log *all* network connection attempts, especially
> attempts to services which aren't defined. This would allow me to spot
> people scanning my host (where only a few services are enabled).

To log connections to ports with nothing listening, set "log_in_vain" to
"YES" in /etc/rc.conf if it's in there, or do
"sysctl -w net.inet.tcp.log_in_vain=1" as root.

This is handled by the kernel, not inetd, because as you said, inetd is
not aware of connection attempts to ports it's not listening to.

-- 
Matthew Hunt              * UNIX is a lever for the
http://www.pobox.com/~mph/ * intellect. -J.R. Mashey
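Once log_in_vain is on, the kernel writes one syslog line per refused connection, and the useful signal is which remote hosts touch many distinct closed ports. The following is an added example, not part of Matthew Hunt's post; it assumes the kernel message format "Connection attempt to TCP <local-ip>:<port> from <remote-ip>:<port>" and uses constructed sample lines rather than a real /var/log/messages.

```shell
#!/bin/sh
# Summarise log_in_vain messages: how many distinct closed TCP ports each
# remote host probed. Assumed message format (FreeBSD kernel):
#   Connection attempt to TCP <local-ip>:<port> from <remote-ip>:<port>
# The sample below is constructed for this example, not real syslog output.

SAMPLE_LOG='Sep 23 08:10:01 wopr /kernel: Connection attempt to TCP 10.0.0.5:23 from 192.0.2.7:40001
Sep 23 08:10:01 wopr /kernel: Connection attempt to TCP 10.0.0.5:79 from 192.0.2.7:40002
Sep 23 08:10:02 wopr /kernel: Connection attempt to TCP 10.0.0.5:110 from 192.0.2.7:40003
Sep 23 08:10:02 wopr /kernel: Connection attempt to TCP 10.0.0.5:143 from 192.0.2.7:40004
Sep 23 08:10:05 wopr /kernel: Connection attempt to TCP 10.0.0.5:113 from 198.51.100.9:1234
Sep 23 08:10:09 wopr /kernel: Connection attempt to UDP 10.0.0.5:137 from 198.51.100.9:137
Sep 23 08:11:00 wopr sendmail[123]: unrelated line that must be ignored'

# Read log lines on stdin and print "remote-ip distinct-port-count" for
# every host that hit at least $1 distinct closed TCP ports (default 3),
# highest count first. Repeated hits on the same port count once, so a
# single retrying client is not mistaken for a port sweep.
# Usage: printf '%s\n' "$SAMPLE_LOG" | probing_hosts 3
probing_hosts() {
    threshold=${1:-3}
    awk -v thr="$threshold" '
        / Connection attempt to TCP / {
            # token after "from" is remote ip:port; keep only the ip
            for (i = 1; i <= NF; i++) if ($i == "from") src = $(i + 1)
            sub(/:[0-9]+$/, "", src)
            # token after "TCP" is local ip:port; keep only the port
            for (i = 1; i <= NF; i++) if ($i == "TCP") dst = $(i + 1)
            sub(/^.*:/, "", dst)
            if (!seen[src, dst]++) ports[src]++
        }
        END { for (h in ports) if (ports[h] >= thr) print h, ports[h] }
    ' | sort -k2,2nr
}
```

Run it against the live log with `grep 'Connection attempt' /var/log/messages | probing_hosts 5` to list only hosts that swept five or more closed ports.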