Date:      23 Sep 1999 11:03:59 -0400
From:      Chris Shenton <cshenton@uucom.com>
To:        freebsd-net@FreeBSD.ORG
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Inetd -l: log *all* connection attempts (not just valid svcs)
Message-ID:  <lfr9jpis9s.fsf_-_@Samizdat.uucom.com>
In-Reply-To: Pierre Beyssac's message of "Thu, 23 Sep 1999 10:51:31 +0200"

FreeBSD-3.2 inetd has a "-l" flag which logs all attempts:

     If the -l option is specified, all connection attempts are logged,
     whether they are allowed, denied or not wrapped at all. Otherwise, only
     denied requests will be logged.

but I gather it only logs attempts for ports which inetd.conf has
configured for services.

I'd like a way to log *all* network connection attempts, especially
attempts to services which aren't defined. This would allow me to spot
people scanning my host (where only a few services are enabled).

Perhaps inetd isn't the right place to do this since it has no
awareness of other services which might be running (e.g., httpd on
port 80). Is this true? Or can inetd be bound to all unused ports to
log attempts?

If not I suppose the logical conclusion would be to run ipfw or
ipfil... certainly doable, but not as trivial for users to enable as
turning on an inetd flag.  Suggestions?

Thanks.
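The ipfw route the message mentions, as an added example that is not part of the original post: a small POSIX sh script that generates an ipfw rule set which lets new TCP connections through to an explicit allow-list of ports and logs (and drops) TCP connection attempts to every other port, so a scan of the host shows up in syslog. It assumes a FreeBSD ipfw that understands the `setup`, `me` and `log` rule keywords and the `net.inet.ip.fw.verbose` sysctl; the rule numbers and the allowed-port list are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original message.
# Generates ipfw rules that log inbound TCP connection attempts (SYN-only
# "setup" packets) to every port NOT in an explicit allow-list.
# Assumptions: FreeBSD ipfw with the "setup", "me" and "log" keywords and
# the net.inet.ip.fw.verbose sysctl. Rule numbers and ports are constructed.

# gen_rules "22 80 ..." -> prints the ipfw commands to stdout (no side effects).
#   rule 100        : leave loopback traffic alone
#   rules 1000+     : permit new connections to each allowed TCP port
#   rule 9000       : log and drop any other inbound TCP connection attempt
#   rule 9100       : everything else (replies, outbound, UDP, ICMP) passes,
#                     so the host's behaviour is otherwise unchanged
gen_rules() {
    allowed="$1"
    n=1000
    echo "add 100 allow ip from any to any via lo0"
    for port in $allowed; do
        echo "add $n allow tcp from any to me $port setup"
        n=$((n + 1))
    done
    echo "add 9000 deny log tcp from any to me setup"
    echo "add 9100 allow ip from any to any"
}

# apply_rules "22 80 ..." -> flushes the current rule set, turns on kernel
# logging of "log" rules and loads the generated rules (needs root).
apply_rules() {
    ipfw -q flush
    sysctl net.inet.ip.fw.verbose=1 >/dev/null
    gen_rules "$1" | while read -r rule; do
        # shellcheck disable=SC2086  # word-splitting the rule is intended
        ipfw -q $rule
    done
}

# Usage (as root): apply_rules "22 80"
```

Every service actually listening on the host (inetd-managed or not, such as an httpd on port 80) must be in the allow-list, otherwise its clients are logged and dropped; the rules must also sit in front of any existing catch-all allow rule. Only TCP connection attempts are logged by rule 9000; UDP probes pass rule 9100 unlogged, and a separate `count log udp` rule would be needed to see them.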

