From: "Mr Magoo"
Subject: RE: kernel patch to detect port scan, without turning on ports...
Date: Sun, 24 Oct 1999 18:48:38 -0500
In-Reply-To: <199910240556.PAA55113@atdot.dotat.org>
Sender: owner-freebsd-security@FreeBSD.ORG

How would you go about making these messages go into a syslogd file? I've
never really understood how to put things into a log file with it.

BTW, can you do that same thing for ICMP's?

--
A.G. Russell IV wrote:

> Sorry if this is redundant,
> I'm looking for the kernel patch to allow detection of a port scan without
> turning on each of the ports.

Execute the following

    sysctl -w net.inet.tcp.log_in_vain=1
    sysctl -w net.inet.udp.log_in_vain=1

You'll get a console log message whenever someone tries to reach a port
which isn't listening.

   - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----
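An added example, not part of the original thread: once syslogd is writing the log_in_vain messages to a file, counting distinct closed ports per source address turns them into a port-scan signal. The message format matched here, the `min_ports` threshold, the function names and the sample lines are assumptions constructed for illustration; check the regular expression against the lines your own kernel emits.

```python
import re
from collections import defaultdict

# Assumed shape of a log_in_vain line as it appears in a syslog file.
# Anything after the source port (e.g. TCP flags on later kernels) is ignored.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)"
)

# Constructed sample lines using documentation addresses, not real captures.
SAMPLE_LOG = """\
Oct 24 18:50:01 gw /kernel: Connection attempt to TCP 192.0.2.10:21 from 198.51.100.7:4001
Oct 24 18:50:01 gw /kernel: Connection attempt to TCP 192.0.2.10:22 from 198.51.100.7:4002
Oct 24 18:50:01 gw /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:4003
Oct 24 18:50:02 gw /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:4004
Oct 24 18:50:02 gw /kernel: Connection attempt to TCP 192.0.2.10:25 from 198.51.100.7:4005
Oct 24 18:50:02 gw /kernel: Connection attempt to TCP 192.0.2.10:80 from 198.51.100.7:4006
Oct 24 18:50:03 gw /kernel: Connection attempt to UDP 192.0.2.10:137 from 198.51.100.7:137
Oct 24 18:51:10 gw /kernel: Connection attempt to TCP 192.0.2.10:113 from 203.0.113.5:2101
Oct 24 18:51:40 gw /kernel: Connection attempt to TCP 192.0.2.10:113 from 203.0.113.5:2102
Oct 24 18:52:00 gw sshd[311]: some unrelated message
"""


def parse(lines):
    """Yield (proto, src, dst, dport) for each line that matches LINE_RE."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m["proto"], m["src"], m["dst"], int(m["dport"])


def find_scanners(lines, min_ports=5):
    """Map each source that probed >= min_ports distinct closed ports
    to the sorted list of (proto, port) pairs it tried."""
    seen = defaultdict(set)
    for proto, src, _dst, dport in parse(lines):
        # A set de-duplicates retries, so a client repeatedly hitting one
        # closed port (e.g. ident on 113) never reaches the threshold.
        seen[src].add((proto, dport))
    return {src: sorted(ports) for src, ports in seen.items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"possible scan from {src}: {len(ports)} closed ports {ports}")
```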