Date: 23 Sep 1999 11:03:59 -0400 From: Chris Shenton <cshenton@uucom.com> To: freebsd-net@FreeBSD.ORG Cc: freebsd-security@FreeBSD.ORG Subject: Inetd -l: log *all* connection attempts (not just valid svcs) Message-ID: <lfr9jpis9s.fsf_-_@Samizdat.uucom.com> In-Reply-To: Pierre Beyssac's message of "Thu, 23 Sep 1999 10:51:31 %2B0200"
next in thread | raw e-mail | index | archive | help
FreeBSD-3.2 inetd has a "-l" flag which logs all attempts: If the -l option is specified, all connection attempts are logged, whether they are allowed, denied or not wrapped at all. Otherwise, only denied requests will be logged. but I gather it only logs attempts for ports which inetd.conf has configured for services. I'd like a way to log *all* network connection attempts, especially attempts to services which aren't defined. This would allow me to spot people scanning my host (where only a few services are enabled). Perhaps inetd isn't the right place to do this since it has no awareness of other services which might be running (e.g., httpd on port 80). Is this true? Or can inetd be bound to all unused ports to log attempts? If not I suppose the logical conclusion would be to run ipfw or ipfil... certainly doable, but not as trivial for users to enable as turning on an inetd flag. Suggestions? Thanks. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?lfr9jpis9s.fsf_-_>