From owner-freebsd-hackers Fri Sep 5 06:44:57 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id GAA09020 for hackers-outgoing; Fri, 5 Sep 1997 06:44:57 -0700 (PDT) Received: from paranoid.convey.ru (ws04.convey.ru [195.182.128.19]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id GAA09015; Fri, 5 Sep 1997 06:44:50 -0700 (PDT) Received: (from ark@localhost) by paranoid.convey.ru (8.7.5/8.7.3) id QAA01192; Fri, 5 Sep 1997 16:48:17 +0400 From: ArkanoiD Message-Id: <199709051248.QAA01192@paranoid.convey.ru> Subject: Re: log connection attempts? To: robert+freebsd@cyrus.watson.org Date: Fri, 5 Sep 1997 16:48:16 +0400 (MSD) Cc: pdongre@opentech.stpn.soft.net, firewalls@greatcircle.com, freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG In-Reply-To: from "Robert Watson" at Sep 4, 97 10:35:11 am X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk nuqneH, > > No , (btw i use IPFilter,not ipfw), do not want to log blocked packets/ > > create additional filtering rules etc. As i said i do know how to do that. > > I just do not want to. I want to log connection attempts without that. > > Take a look at these two locations -- there was mention of a better syslog > here on freebsd-security recently. There were also statistics-gathering > modifications on disconnected ports. > > http://minnie.cs.adfa.oz.au/Seminars/AUUG96/index.html > ftp://minnie.cs.adfa.oz.au/pub/NetSecurity/ Thanks! That's [nearly] the thing i was looking for. Actually it is for an older kernel version and requires minor modifications to be used with 2.1.7.1 but it should not be hard to do. -- _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!