From owner-freebsd-security  Thu Sep 23 11:15:27 1999
Delivered-To: freebsd-security@freebsd.org
Received: from Samizdat.uucom.com (samizdat.uucom.com [198.202.217.54])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9D8BA14DF3; Thu, 23 Sep 1999 11:15:23 -0700 (PDT)
	(envelope-from cshenton@uucom.com)
Received: (from cshenton@localhost)
	by Samizdat.uucom.com (8.9.3/8.9.3) id OAA00487;
	Thu, 23 Sep 1999 14:14:00 -0400 (EDT)
To: Matthew Hunt <mph@astro.caltech.edu>
Cc: freebsd-net@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Inetd -l: log *all* connection attempts (not just valid svcs)
References: <lfr9jpis9s.fsf_-_@Samizdat.uucom.com> <19990923081153.B668@wopr.caltech.edu>
User-Agent: SEMI/1.13.3 (Komaiko) FLIM/1.12.5 (Hirahata) Emacs/20.3 (i386-pc-solaris2.7) MULE/4.0 (HANANOEN)
MIME-Version: 1.0 (generated by SEMI 1.13.3 - "Komaiko")
Content-Type: text/plain; charset=US-ASCII
From: Chris Shenton <cshenton@uucom.com>
Date: 23 Sep 1999 14:14:00 -0400
In-Reply-To: Matthew Hunt's message of "Thu, 23 Sep 1999 08:11:53 -0700"
Message-ID: <lfln9xh4wn.fsf@Samizdat.uucom.com>
Lines: 16
X-Mailer: Gnus v5.6.45/Emacs 20.3
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 23 Sep 1999 08:11:53 -0700, Matthew Hunt <mph@astro.caltech.edu> said:

Matthew> To log connections to ports with nothing listening, set
Matthew> "log_in_vain" to "YES" in /etc/rc.conf if it's in there, or
Matthew> do "sysctl -w net.inet.tcp.log_in_vain=1" as root.

That's exactly what I was looking for, thanks! 

As to the name of the variable... you guys are the zaniest :-)

(When did this variable appear?)

PS: Anthony Di Pietro <anthony@dino.omen.com.au> suggested "clog" in
ports, which I tried. It does a nice job of reporting all connections
on the LAN segment, not just rejected ones nor just ones to the local
machine. Nice tool for seeing what's on your LAN.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message