Date:      Tue, 29 Feb 2000 14:54:29 +0300
From:      Lev Serebryakov <lev@imc.macro.ru>
To:        Dave McKay <freebsd-security@FreeBSD.ORG>
Subject:   Re[2]: ipfw log accounting
Message-ID:  <8621.000229@imc.macro.ru>
In-Reply-To: <20000228174619.A71978@elvis.mu.org>
References:  <20000228174619.A71978@elvis.mu.org>

Hi, Dave!

Tuesday, February 29, 2000, 2:46:19 AM, you wrote:

>>   Are there some tools to analyze the output of a "deny log ip from any to
>>   any" ipfw rule and find dangerous activity, like portscans and others?
>>   I want to analyze the log every hour, and reset the log counters after it.
>>   I don't want to receive messages about every single dropped packet.

DM> A tool such as you are asking would be easily written in perl.
DM> Just have your ipfw log to a file through syslogd or ipfw
   How could I filter all ipfw messages to a separate file with syslogd?
   There is no special facility for it :(
DM> itself.  Then write a tool to check and analyse the data and
DM> send you mail on it every hour.
  It is not a problem to analyze, when you know what is an attack and what
  is not. I wonder, are there some conditions (developed by security
  specialists) to distinguish attacks from mistakes...


               Lev Serebryakov, 2:5030/661.0
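The hourly analysis the thread describes, as an added example that is neither Lev's nor Dave's code: a Python script that parses ipfw "Deny" lines out of a syslog file and flags a source that hits many distinct ports on one host within a short window, the simplest portscan heuristic. The log line format, the sample lines, the year supplied for the timestamps and the thresholds are assumptions for the example, not anything stated in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not from the thread) in the "ipfw: <rule> Deny <proto>
# <src>:<sport> <dst>:<dport> in via <if>" form; 10.1.2.3 probes five ports in 3 s.
SAMPLE_LOG = """\
Feb 29 14:00:01 gw /kernel: ipfw: 100 Deny TCP 10.1.2.3:40123 192.0.2.10:21 in via ed0
Feb 29 14:00:01 gw /kernel: ipfw: 100 Deny TCP 10.1.2.3:40124 192.0.2.10:22 in via ed0
Feb 29 14:00:02 gw /kernel: ipfw: 100 Deny TCP 10.1.2.3:40125 192.0.2.10:23 in via ed0
Feb 29 14:00:02 gw /kernel: ipfw: 100 Deny TCP 10.1.2.3:40126 192.0.2.10:25 in via ed0
Feb 29 14:00:03 gw /kernel: ipfw: 100 Deny TCP 10.1.2.3:40127 192.0.2.10:80 in via ed0
Feb 29 14:05:17 gw /kernel: ipfw: 100 Deny UDP 10.9.9.9:53 192.0.2.10:53 in via ed0
Feb 29 14:30:00 gw sshd[123]: unrelated line that the parser must skip
"""
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ \S+ ipfw: (?P<rule>\d+) "
    r"(?P<action>\w+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<dir>in|out)(?: via (?P<iface>\S+))?"
)

def parse_ipfw(lines, year=2000):
    """Yield (time, src, dst, dport) per ipfw Deny line; syslog omits the year, so
    the caller supplies one (assumption). Non-ipfw lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["action"] != "Deny":
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["src"], m["dst"], int(m["dport"])

def find_portscans(lines, min_ports=5, window_s=60):
    """Return {(src, dst): sorted ports} for pairs where one source hit at least
    min_ports distinct destination ports inside any window_s-second window."""
    hits = defaultdict(list)
    for ts, src, dst, dport in parse_ipfw(lines):
        hits[(src, dst)].append((ts, dport))
    flagged = {}
    for pair, events in hits.items():
        events.sort()          # sliding window over time-ordered (time, port) pairs
        lo = 0
        for hi in range(len(events)):
            while (events[hi][0] - events[lo][0]).total_seconds() > window_s:
                lo += 1
            ports = {p for _, p in events[lo:hi + 1]}
            if len(ports) >= min_ports:
                flagged[pair] = sorted(ports)
                break
    return flagged
```

Run it from cron over the last hour's slice of the log and mail the result; a single stray packet (the 10.9.9.9 line) never crosses the threshold, so only the burst of distinct ports is reported.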








Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8621.000229>