Date: Tue, 29 Feb 2000 14:54:29 +0300 From: Lev Serebryakov <lev@imc.macro.ru> To: Dave McKay <freebsd-security@FreeBSD.ORG> Subject: Re[2]: ipfw log accounting Message-ID: <8621.000229@imc.macro.ru> In-Reply-To: <20000228174619.A71978@elvis.mu.org> References: <20000228174619.A71978@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Dave! Tuesday, February 29, 2000, 2:46:19 AM, you wrote: >> Are there some tools to analyze output of "deny log ip from any to >> any" ipfw rule and find dangerous activity, like portscans and other? >> I want to analyze log every hour, and reset log counters after it. >> I don't want to receive messages about every single dropped packet. DM> A tool such as you are asking would be easily written in perl. DM> Just have your ipfw log to a file through syslogd or ipfw How could I filter all ipfw messages to separate file with syslogd? There is no special facility for it :( DM> itself. Then write a tool to check and analyse the data and DM> send you mail on it every hour. It is not a problem to analyze, when you know what is attack and what is not. I wander, is there some conditions (developed by security specialists) to distinguish attacks and mistakes... Lev Serebryakov, 2:5030/661.0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8621.000229>