From owner-freebsd-security Wed Dec 5 8:38:41 2001
Delivered-To: freebsd-security@freebsd.org
Message-ID: <02f601c17dab$85743670$2aa8a8c0@melim.com.br>
From: "Ronan Lucio"
Subject: Securty logs
Date: Wed, 5 Dec 2001 14:40:17 -0200

Hi All,

I have a doubt about the entries in the security log file.

If I have icmp 8,0 denied for external computers, when someone pings, it creates an entry in the security log file:

Dec 5 14:01:12 server /kernel: ipfw: 3000 Deny ICMP:8.0 62.211.157.214 255.255.255.255 in via fxp0

But if such a computer gives a flood attack, I think it will create the same entry.

How can I identify if an entry in the security log file was created by a simple ping or by a flood attack?

Thanks to all,
Ronan
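
One way to approach the question above, as an added example that is not part of the original message: a single ipfw deny line looks the same for a ping and for a flood, so the distinction has to come from how many denied echo requests one source produces in a short time. The 10-second window, the threshold of 20, the year default, the sample addresses and the syslogd "last message repeated" lines are assumptions of this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the quoted log line; the addresses are
# documentation-range placeholders, not hosts from the original message.
SAMPLE_LOG = """\
Dec  5 14:01:12 server /kernel: ipfw: 3000 Deny ICMP:8.0 192.0.2.10 198.51.100.1 in via fxp0
Dec  5 14:01:13 server /kernel: ipfw: 3000 Deny ICMP:8.0 192.0.2.10 198.51.100.1 in via fxp0
Dec  5 14:01:14 server /kernel: ipfw: 3000 Deny ICMP:8.0 192.0.2.10 198.51.100.1 in via fxp0
Dec  5 14:02:00 server /kernel: ipfw: 3000 Deny ICMP:8.0 203.0.113.7 198.51.100.1 in via fxp0
Dec  5 14:02:03 server last message repeated 250 times
Dec  5 14:02:05 server last message repeated 310 times
"""

STAMP = r"^(\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+"
DENY = re.compile(STAMP + r"/kernel: ipfw: \d+ Deny ICMP:8\.0 (\S+) \S+ in via \S+")
REPEAT = re.compile(STAMP + r"last message repeated (\d+) times")

def _stamp(text, year):
    # Syslog timestamps carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")

def parse(log_text, year=2001):
    """Yield (time, source, packets) for each denied echo request record."""
    last_src = None
    for line in log_text.splitlines():
        deny, rep = DENY.match(line), REPEAT.match(line)
        if deny:
            last_src = deny.group(2)
            yield _stamp(deny.group(1), year), last_src, 1
        elif rep and last_src:  # repeats belong to the preceding deny line
            yield _stamp(rep.group(1), year), last_src, int(rep.group(2))
        else:
            last_src = None  # an unrelated line breaks the repeat chain

def classify(log_text, window=timedelta(seconds=10), threshold=20):
    """Map source -> (label, peak denied echo requests seen in any window)."""
    hits = defaultdict(list)
    for ts, src, n in parse(log_text):
        hits[src].append((ts, n))
    verdict = {}
    for src, ev in hits.items():  # events are assumed to be in time order
        peak = running = start = 0
        for ts, n in ev:
            running += n
            while ts - ev[start][0] > window:  # drop events older than window
                running -= ev[start][1]
                start += 1
            peak = max(peak, running)
        verdict[src] = ("flood" if peak >= threshold else "ping", peak)
    return verdict
```

When a logging limit is set through net.inet.ip.fw.verbose_limit, ipfw stops logging matches for a rule once the limit is reached, so counts taken from the log are a lower bound on the actual packet rate.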