From: "DINKEY,GENE (HP-Loveland,ex1)"
To: "'freebsd-questions@freebsd.org'"
Subject: Logging IP address for all connections
Date: Mon, 12 Feb 2001 07:40:36 -0800

I'm running FreeBSD 3.4-RELEASE and have recently been under attack by what appears to be a bored script kiddie. The attacks have come from several different locations (for some reason they keep trying to log on via anon FTP). I've been port scanned twice in a week (unfortunately all I get in messages is the ICMP bandwidth limit messages).

I would like to be able to log the IP address and port number of every IP address that connects to the machine from my external interface. If possible I would like to also be able to log that to a separate file instead of to messages to prevent clutter.

I've searched the archives and looked at ipfw(8), syslogd(8), and syslog.conf(5). It's all very confusing and a little help understanding what I need to do would be appreciated.

The system has 2 NICs and runs natd; it's a gateway for my cable modem. I only need to log on the NIC that's exposed to the world.

Thank you in advance,
Gene Dinkey