From owner-freebsd-security Fri Sep 5 08:35:40 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id IAA14956 for security-outgoing; Fri, 5 Sep 1997 08:35:40 -0700 (PDT)
Received: from soran.pacific.net.sg (soran.pacific.net.sg [203.120.90.76]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA14921 for ; Fri, 5 Sep 1997 08:35:13 -0700 (PDT)
Received: from madcap.dyn.ml.org (d125137.ppp125.cyberway.com.sg [203.116.125.137]) by soran.pacific.net.sg with ESMTP id XAA28096 for ; Fri, 5 Sep 1997 23:34:59 +0800 (SGT)
Received: (qmail 1605 invoked by uid 100); 5 Sep 1997 15:31:03 -0000
Message-ID: <19970905233103.64953@dyn.ml.org>
Date: Fri, 5 Sep 1997 23:31:03 +0800
From: Ng Pheng Siong
To: ArkanoiD
Cc: firewalls@greatcircle.com, freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject: Re: log connection attempts?
References: <203609030840.MAA14571@paranoid.convey.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.76e
In-Reply-To: <203609030840.MAA14571@paranoid.convey.ru>; from ArkanoiD on Wed, Sep 03, 2036 at 12:40:07PM +0400
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sep 3, ArkanoiD wrote:
> Did anyone try to patch the kernel to log connection attempts for ports
> (tcp and maybe udp) where no program accepts connection? (2.1.7)

About 2 years ago, someone from Oz did just that. Asking the search
engines...

Altavista... results totally irrelevant. (Seems that it is run by the
Internic whois people these days. ;)

Infoseek... hmmm, ip masquerade...

Lycos... got it! First entry, too:

    http://minnie.cs.adfa.oz.au/Seminars/AUUG96/netpaper.html

Off-hand I wonder if in-kernel logging might undo measures like
syn-flood proofing, etc., and introduce DOS possibilities.

BTW, read today that CMU is being awarded a patent for Lycos-related
technology.

--
Ng Pheng Siong