Date: Wed, 26 May 1999 14:05:14 +0200 (CEST)
From: Martin Kammerhofer
Reply-To: Martin Kammerhofer
To: security@FreeBSD.ORG
Subject: Re: TCP connect data logger
In-Reply-To: <19990525012032.A25197@fw.garman.net>
Sender: owner-freebsd-security@FreeBSD.ORG

On Tue, 25 May 1999, Jason Garman wrote:

> Last time I used this option (2.2.8-RELEASE), it only logged the packet
> headers to syslog. Something like this:
>
> Connection attempt to UDP x.x.x.x:port from y.y.y.y:port
>
> there's also a tunable net.inet.tcp.log_in_vain which does the same thing
> for TCP packets.
>

Both udp.log_in_vain and tcp.log_in_vain have *no* rate limiting. Enabling
them can generate huge amounts of LOG_INFO messages during port scans.
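Added example, not part of the original thread: because the kernel does not rate-limit these messages, one way to keep them usable is to collapse them per source address after the fact. The sketch assumes the TCP message has the same shape as the UDP line quoted above; the syslog prefix, the addresses, the function name and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Message shape quoted in the thread. Assumption: the TCP variant differs
# only in the protocol word.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)

def summarize(lines, port_threshold=5):
    """Collapse log_in_vain lines into one record per source address.

    Returns {src: {"count": n, "ports": [(proto, dport), ...], "scan": bool}}.
    A source is marked as a likely scan once it has touched at least
    port_threshold distinct closed ports (hypothetical threshold).
    """
    hits = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated syslog traffic
        rec = hits[m["src"]]
        rec["count"] += 1
        rec["ports"].add((m["proto"], int(m["dport"])))
    return {
        src: {"count": r["count"], "ports": sorted(r["ports"]),
              "scan": len(r["ports"]) >= port_threshold}
        for src, r in hits.items()
    }

# Constructed sample: one source sweeping eight TCP ports, one source
# repeating a single UDP query, and one unrelated syslog line.
SAMPLE = [
    f"May 26 14:05:{i:02d} gw /kernel: Connection attempt to TCP "
    f"192.0.2.10:{port} from 198.51.100.7:{40000 + i}"
    for i, port in enumerate([21, 22, 23, 25, 79, 80, 110, 111])
] + [
    "May 26 14:06:01 gw /kernel: Connection attempt to UDP 192.0.2.10:53 from 203.0.113.9:1025",
    "May 26 14:06:02 gw /kernel: Connection attempt to UDP 192.0.2.10:53 from 203.0.113.9:1025",
    "May 26 14:06:03 gw sshd[311]: unrelated message",
]

if __name__ == "__main__":
    for src, rec in summarize(SAMPLE).items():
        print(src, rec["count"], "messages,", len(rec["ports"]), "ports, scan =", rec["scan"])
```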