From owner-freebsd-security Fri Jun 27 07:47:11 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id HAA24424 for security-outgoing; Fri, 27 Jun 1997 07:47:11 -0700 (PDT)
Received: (from jmb@localhost) by hub.freebsd.org (8.8.5/8.8.5) id HAA24410; Fri, 27 Jun 1997 07:47:07 -0700 (PDT)
From: "Jonathan M. Bresler"
Message-Id: <199706271447.HAA24410@hub.freebsd.org>
Subject: Re: ICMP Logging
To: nathan@senate.org (Nathan Dorfman)
Date: Fri, 27 Jun 1997 07:47:07 -0700 (PDT)
Cc: freebsd-security@freebsd.org
In-Reply-To: <199706271343.JAA04122@limbo.senate.org> from "Nathan Dorfman" at Jun 27, 97 09:43:05 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Nathan Dorfman wrote:
>
> Is there a way for the kernel to syslog(3) all ICMP messages? This would serve
> two purposes; a) as I have all syslog messages directed to an unused vty I
> could observe such DoS attacks in progress and b) if they are stored in the
> log files I could use the logs in case the matter needed to be pursued further.

use the "log" option in ipfw for icmp packets
for instance:

	ipfw add allow log icmp from any to any

don't forget the default rule:

	65535 deny all from any to any

so allow any traffic you want, even if it's all traffic

	ipfw add allow all from any to any

>
> If this is not a part of the current kernel, it would (IMO) be a very good
> addition to -current and -stable. If you *are* planning on adding it soon,
> please let me know and I'll hold off my upgrade (I'm currently running
> 2.2.1-RELEASE and wanted to upgrade to -stable).
>

ipfw has been in the source tree since 94.10.28

jmb
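
Once the `log` rule above is writing ICMP packets to syslog, the entries can be tallied per source to spot a flood in progress. The following is an added example, not part of the original message: the log line layout in `LINE_RE`, the rule numbers, the host name `gw` and all addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# ASSUMPTION: layout of a logged ICMP line; the post does not show one.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) ICMP:(?P<type>\d+)\.(?P<code>\d+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<dst>\d{1,3}(?:\.\d{1,3}){3})"
)
ICMP_NAMES = {0: "echo-reply", 3: "unreachable", 8: "echo-request", 11: "time-exceeded"}

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    "Jun 27 09:40:01 gw /kernel: ipfw: 100 Accept ICMP:8.0 192.0.2.10 198.51.100.1 in via ed0",
    "Jun 27 09:40:01 gw /kernel: ipfw: 100 Accept ICMP:3.3 203.0.113.7 198.51.100.1 in via ed0",
    "Jun 27 09:40:01 gw /kernel: ipfw: 100 Accept ICMP:3.3 203.0.113.7 198.51.100.1 in via ed0",
    "Jun 27 09:40:02 gw /kernel: ipfw: 100 Accept ICMP:3.3 203.0.113.7 198.51.100.1 in via ed0",
    "Jun 27 09:40:02 gw /kernel: ipfw: 65000 Accept TCP 192.0.2.10:1025 198.51.100.1:25 in via ed0",
    "Jun 27 09:40:03 gw sendmail[212]: HAA00212: from=<user@example.org>",
    "Jun 27 09:40:03 gw /kernel: ipfw: 100 Accept ICMP:0.0 198.51.100.1 192.0.2.10 out via ed0",
]

def parse_icmp(lines):
    """Return (src, dst, type, code) for each logged ICMP line; skip the rest."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # non-ICMP and non-ipfw lines simply do not match
            events.append((m["src"], m["dst"], int(m["type"]), int(m["code"])))
    return events

def noisy_sources(lines, threshold):
    """Map (source, ICMP type name) -> count for pairs at or above threshold."""
    counts = Counter(
        (src, ICMP_NAMES.get(t, str(t))) for src, _, t, _ in parse_icmp(lines)
    )
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for (src, kind), n in noisy_sources(SAMPLE_LOG, threshold=3).items():
        print(f"{src} sent {n} ICMP {kind} messages")
```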