Date: Wed, 5 Dec 2001 13:54:49 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Ronan Lucio <ronan@melim.com.br>
Cc: security@FreeBSD.ORG
Subject: Re: Securty logs
Message-ID: <20011205135449.E3061@blossom.cjclark.org>
In-Reply-To: <02f601c17dab$85743670$2aa8a8c0@melim.com.br>; from ronan@melim.com.br on Wed, Dec 05, 2001 at 02:40:17PM -0200
References: <02f601c17dab$85743670$2aa8a8c0@melim.com.br>

On Wed, Dec 05, 2001 at 02:40:17PM -0200, Ronan Lucio wrote:
> Hi All,
>
> I have a doubt about the entries in the security log file.
>
> If I have icmp 8,0 denied for external computers, when
> someone pings, it creates an entry in security log file:
>
> Dec 5 14:01:12 server /kernel: ipfw: 3000 Deny ICMP:8.0 62.211.157.214
> 255.255.255.255 in via fxp0
>
> But if such computer give a flood attack, I think it will
> create the same entry.
>
> How can I identify if an entry in security log file was created
> by simple ping or by a flood attack?

By how many of those log entries you get. Each packet will generate a
message.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
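
Counting the entries as the reply describes, as an added example that is not part of the original message: the function below tallies `Deny ICMP:8.0` entries per source address per minute and also credits syslogd's "last message repeated N times" lines to the entry they follow. The function names, the threshold of 60 entries per minute, and every sample line except the one quoted in the question are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: tally ipfw "Deny ICMP:8.0" log entries per source per minute.

# Constructed sample input; only the first line is taken from the message above.
sample_log() {
    cat <<'EOF'
Dec  5 14:01:12 server /kernel: ipfw: 3000 Deny ICMP:8.0 62.211.157.214 255.255.255.255 in via fxp0
Dec  5 14:02:01 server /kernel: ipfw: 3000 Deny ICMP:8.0 192.0.2.9 255.255.255.255 in via fxp0
Dec  5 14:02:31 server last message repeated 240 times
Dec  5 14:03:00 server sendmail[214]: constructed unrelated line
Dec  5 14:03:05 server last message repeated 2 times
EOF
}

# stdin: syslog lines. $1: entries per minute above which a source is
# labelled "flood" (assumed default 60, not a value from the thread).
# stdout: "<source> <month> <day> <HH:MM> <count> <ping|flood>", sorted.
icmp_deny_rate() {
    awk -v threshold="${1:-60}" '
    # One log entry per denied echo request: bucket by source and minute.
    $6 == "ipfw:" && $8 == "Deny" && $9 == "ICMP:8.0" {
        key = $10 " " $1 " " $2 " " substr($3, 1, 5)
        count[key]++
        last = key
        next
    }
    # syslogd collapses identical consecutive lines; add the repeats to the
    # bucket of the matching entry they follow (its minute, not their own).
    /last message repeated [0-9]+ times/ && last != "" {
        for (i = 1; i < NF; i++)
            if ($i == "repeated") count[last] += $(i + 1)
        next
    }
    # Any other line ends the run, so later repeats are not ours.
    { last = "" }
    END {
        for (k in count)
            printf "%s %d %s\n", k, count[k], (count[k] > threshold ? "flood" : "ping")
    }' | sort
}

sample_log | icmp_deny_rate 60
```

Once a rule's log limit (`logamount`, or the `net.inet.ip.fw.verbose_limit` sysctl) is reached, ipfw stops logging matches for that rule, so these counts are a lower bound.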
