Date: Tue, 25 May 1999 01:20:33 -0400
From: Jason Garman
To: wkt@cs.adfa.edu.au
Cc: security@FreeBSD.ORG
Subject: Re: TCP connect data logger
Message-ID: <19990525012032.A25197@fw.garman.net>
Reply-To: garman@earthling.net
References: <19990525000758.A14670@fw.garman.net> <199905250414.OAA03109@henry.cs.adfa.edu.au>
In-Reply-To: <199905250414.OAA03109@henry.cs.adfa.edu.au>; from Warren Toomey on Tue, May 25, 1999 at 02:14:06PM +1000

On Tue, May 25, 1999 at 02:14:06PM +1000, Warren Toomey wrote:
> The sysctl net.inet.udp.log_in_vain option seems to be the one.
> Maybe it doesn't log the contents, just some of the headers.
> I haven't used it yet.
>

Last time I used this option (2.2.8-RELEASE), it only logged the packet
headers to syslog.  Something like this:

Connection attempt to UDP x.x.x.x:port from y.y.y.y:port

There's also a tunable net.inet.tcp.log_in_vain which does the same thing for
TCP packets.

enjoy

-- 
Jason Garman                                  http://wedgie.org/
Student, University of Maryland               garman@earthling.net
Story of the week:                            Whois: JAG145
http://www.theonion.com/onion3518/telemarketing_sale.html
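
Added example (not part of the original message): a small Python parser that groups log_in_vain syslog lines by source address and flags sources that hit several distinct closed ports. It assumes the line format quoted above, that the TCP tunable logs the same way with "TCP" in place of "UDP", and a constructed syslog prefix; the function names and the three-port threshold are illustrative.

```python
import re
from collections import defaultdict

# Message format as quoted in the mail above. The syslog prefix and the TCP
# variant are assumptions modelled on that one quoted line.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)"
)

# Constructed sample input using documentation address ranges, not real logs.
SAMPLE_LOG = """\
May 25 01:02:03 fw /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:1045
May 25 01:02:03 fw /kernel: Connection attempt to TCP 192.0.2.10:111 from 198.51.100.7:1046
May 25 01:02:04 fw /kernel: Connection attempt to TCP 192.0.2.10:143 from 198.51.100.7:1047
May 25 01:02:05 fw /kernel: Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:1048
May 25 01:03:10 fw /kernel: Connection attempt to UDP 192.0.2.10:137 from 203.0.113.5:137
May 25 01:03:40 fw /kernel: Connection attempt to UDP 192.0.2.10:137 from 203.0.113.5:137
May 25 01:04:00 fw /kernel: de0: link up
"""


def parse(lines):
    """Yield (proto, src, dst, dport) for each log_in_vain line; skip others."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m["proto"], m["src"], m["dst"], int(m["dport"])


def probes_by_source(lines):
    """Map source address -> set of (proto, dport) tried with no listener."""
    seen = defaultdict(set)
    for proto, src, _dst, dport in parse(lines):
        seen[src].add((proto, dport))
    return dict(seen)


def likely_scanners(lines, min_ports=3):
    """Sources that touched at least min_ports distinct closed ports."""
    by_src = probes_by_source(lines)
    return sorted(s for s, ports in by_src.items() if len(ports) >= min_ports)


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for src, ports in sorted(probes_by_source(log).items()):
        print(src, sorted(ports))
    print("likely scanners:", likely_scanners(log))
```

Because only headers are logged, repeated probes of one port (the second source in the sample) collapse to a single entry, and only the source that touched four distinct closed ports is flagged.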