Date:      Mon, 24 May 1999 22:17:03 -0600 (MDT)
From:      "Jason L. Schwab" <jschwab@royal.net>
To:        wkt@cs.adfa.edu.au
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: TCP connect data logger
Message-ID:  <Pine.BSF.4.05.9905242216520.769-100000@shellsys.net>
In-Reply-To: <199905250213.MAA02815@henry.cs.adfa.edu.au>

Yes, I'm interested in it! Sounds like something I could use!

-
-------------------------------------
 Jason L. Schwab <jschwab@royal.net>
    * Unix System Administrator *
-------------------------------------

On Tue, 25 May 1999, Warren Toomey wrote:

> This is strictly off-topic for FreeBSD, but anyway ... A few people desired
> to know why someone was attacking port X on their box. Ages ago, I wrote a
> small program, tcpsuck, that is run from inetd. Tcpsuck sits on a port and
> logs the data coming in. It stops after a pre-defined timeout, or when the
> remote end breaks the connection.
> 
> This can help you to determine what they are looking for. It also slows
> TCP port strobe attacks, too :-)
> 
> Here is where I use it on my system:
> 
> bootserver stream tcp   nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> cisco-tna stream tcp    nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> exec    stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> cmd     stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> nicname stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> pop2    stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> pop3    stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> imap2   stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> supdup  stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> systat  stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> tcpmux  stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> login   stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> shell   stream  tcp     nowait  nobody  /usr/libexec/tcpsuck    tcpsuck
> 
> I also wrote a udpsuck program for UDP ports, but current FreeBSD versions
> have UDP packet logging built-in.
> 
> Anybody interested in tcpsuck?
> 
> 	Warren
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
> 
> 
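An added sketch of the kind of inetd-launched logger the quoted message describes (read what the remote end sends, stop on a timeout or when the peer closes). It is not tcpsuck's source and is not from either poster; the function name `log_conn_data`, the 30-second timeout, the log path and the `\xNN` escaping are all assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper, not tcpsuck's source: read from fd until the peer
 * closes or timeout_s seconds have passed, writing an escaped copy of each
 * chunk to out. Returns the number of bytes received, or -1 on error. */
long log_conn_data(int fd, FILE *out, int timeout_s)
{
    unsigned char buf[512];
    long total = 0;
    time_t deadline = time(NULL) + timeout_s;

    for (;;) {
        time_t now = time(NULL);
        if (now >= deadline) break;         /* pre-defined timeout reached */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, (int)(deadline - now) * 1000);
        if (r < 0) return -1;
        if (r == 0) break;                  /* nothing arrived in time */
        ssize_t n = read(fd, buf, sizeof buf);
        if (n < 0) return -1;
        if (n == 0) break;                  /* remote end closed */
        /* Escape non-printable bytes so received data cannot forge log
         * lines or inject terminal escapes when the log is viewed. */
        for (ssize_t i = 0; i < n; i++) {
            if (isprint(buf[i]) && buf[i] != '\\')
                fputc(buf[i], out);
            else
                fprintf(out, "\\x%02x", buf[i]);
        }
        fputc('\n', out);
        total += n;
    }
    fflush(out);
    return total;
}

int main(void)
{
    /* Under inetd "stream tcp nowait", fds 0-2 are the accepted socket, so
     * log to a file. The path is an assumption and must be writable by the
     * user named in inetd.conf. */
    FILE *log = fopen("/var/log/tcpsuck-example.log", "a");
    return log == NULL || log_conn_data(STDIN_FILENO, log, 30) < 0;
}
```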






