From owner-freebsd-security Fri Jun 27 07:50:00 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id HAA24556 for security-outgoing; Fri, 27 Jun 1997 07:50:00 -0700 (PDT)
Received: from weblock.tm.net.my (weblock.tm.net.my [202.188.0.180]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA24551 for ; Fri, 27 Jun 1997 07:49:56 -0700 (PDT)
Received: from lovebox ([202.184.153.17]) by weblock.tm.net.my (Post.Office MTA v3.1 release PO203a evaluation license) with SMTP id AAA10020 for ; Fri, 27 Jun 1997 22:50:16 +0800
Message-Id: <3.0.32.19970627224059.009cece0@mail.tm.net.my>
X-Sender: sweeting@mail.tm.net.my
X-Mailer: Windows Eudora Pro Version 3.0 (32)
To: security@freebsd.org
From: chas
Subject: how can we monitor in real time ? (was Re: probing from jrc-5-104.tm.net.my)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 27 Jun 1997 22:50:16 +0800
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I sent along a bit of info on this one earlier but it did prompt me to wonder:
"how can we check for this info (and DoS attacks or similar) in real time rather than afterwards in log files? is there any software that can be configured to monitor your server and shout when it is possibly coming under attack?"

Thank you very much,
chas

>>Anyone know anything about this host?
>>
>>Name: jrc-5-104.tm.net.my
>>Address: 202.188.5.104
>>
>>I noticed it probing ports in ipfw's logs.
>>
>>abbreviations: X = 202.188.5.104 Y = myhost Z = myhost
>>
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1422 Y:2 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1423 Y:3 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1424 Y:4 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1425 Y:5 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1426 Y:6 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1428 Y:8 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1429 Y:9 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1430 Y:10 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1431 Y:11 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1432 Y:12 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1433 Y:13 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1434 Y:14 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1435 Y:15 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1436 Y:16 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1437 Y:17 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1438 Y:18 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1440 Y:20 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1441 Y:21 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1443 Y:23 via de0
>>Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1444 Y:24 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1445 Y:25 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1446 Y:26 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1447 Y:27 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1448 Y:28 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1449 Y:29 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1450 Y:30 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1451 Y:31 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1452 Y:32 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1453 Y:33 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1454 Y:34 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1455 Y:35 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1456 Y:36 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1457 Y:37 via de0
>>Jun 25 04:07:13 Z /kernel: ipfw: 2600 Deny TCP X:1458 Y:38 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1459 Y:39 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1460 Y:40 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1461 Y:41 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1462 Y:42 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1463 Y:43 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1464 Y:44 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1465 Y:45 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1466 Y:46 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1467 Y:47 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1468 Y:48 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1469 Y:49 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1470 Y:50 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1471 Y:51 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1472 Y:52 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1473 Y:53 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1474 Y:54 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1475 Y:55 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1476 Y:56 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1477 Y:57 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1478 Y:58 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1479 Y:59 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1480 Y:60 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1481 Y:61 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1482 Y:62 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1483 Y:63 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1484 Y:64 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1485 Y:65 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1486 Y:66 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1487 Y:67 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1488 Y:68 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1489 Y:69 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1490 Y:70 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1491 Y:71 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1492 Y:72 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1493 Y:73 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1494 Y:74 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1495 Y:75 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1496 Y:76 via de0
>>Jun 25 04:07:14 Z /kernel: ipfw: 2600 Deny TCP X:1497 Y:77 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1430 Y:10 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1432 Y:12 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1433 Y:13 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1431 Y:11 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1434 Y:14 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1441 Y:21 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1435 Y:15 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1436 Y:16 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1443 Y:23 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1444 Y:24 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1445 Y:25 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1438 Y:18 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1446 Y:26 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1447 Y:27 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: 2600 Deny TCP X:1448 Y:28 via de0
>>Jun 25 04:07:15 Z /kernel: ipfw: limit reached on rule #2600
>>
>>
>>
>>--
>>Rob Hartill Internet Movie Database (Ltd)
>>http://www.moviedatabase.com/ .. a site for sore eyes.
>>
>>
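One way to get the real-time alert chas asks for, written here as an added example and not anything from the thread: a small Python detector that reads ipfw Deny lines in the format quoted above, alerts when one source hits many distinct ports inside a short window, and also flags the "limit reached on rule" message, after which ipfw keeps dropping packets but logs nothing, so the monitor has gone blind. The hostname, addresses and log lines below are constructed; the sysctl `net.inet.ip.fw.verbose_limit` and `ipfw resetlog` are the current FreeBSD names and are my addition, not the thread's.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the Deny lines quoted in the thread (real addresses where the poster
# wrote X, Y, Z):  Jun 25 04:07:12 Z /kernel: ipfw: 2600 Deny TCP X:1422 Y:2 via de0
DENY_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ /kernel: ipfw: "
    r"(?P<rule>\d+) Deny (?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+) via \S+$")
# ipfw prints this once a rule's log count reaches net.inet.ip.fw.verbose_limit;
# the rule keeps denying afterwards but logs nothing, so the monitor goes blind.
LIMIT_RE = re.compile(r"ipfw: limit reached on rule #(?P<rule>\d+)")

class ScanDetector:
    """Alert when one source hits >= threshold distinct ports within window seconds."""
    def __init__(self, threshold=10, window=5, year=1997):
        self.threshold, self.window, self.year = threshold, window, year  # syslog lines carry no year
        self.hits = defaultdict(deque)  # src -> deque of (timestamp, dport), oldest first
        self.alerted = set()            # sources already reported once

    def feed(self, line):
        """Return an alert string for this log line, or None."""
        m = LIMIT_RE.search(line)
        if m:
            return f"BLIND: log limit reached on rule {m['rule']}; 'ipfw resetlog' restores logging"
        m = DENY_RE.match(line)
        if not m:
            return None  # not an ipfw deny line
        ts = datetime.strptime(f"{self.year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        src, q = m['src'], self.hits[m['src']]
        q.append((ts, int(m['dport'])))
        while (ts - q[0][0]).total_seconds() > self.window:  # drop hits older than the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return f"PORTSCAN: {src} hit {len(ports)} ports in {self.window}s, lowest {min(ports)}"
        return None

def run(lines, threshold=10, window=5):
    """Push every line through one detector and return the alerts in order."""
    det = ScanDetector(threshold, window)
    return [a for a in map(det.feed, lines) if a]

# Constructed sample: ports 2..25 swept from 203.0.113.7 across two seconds, one
# unrelated deny from 198.51.100.9 mixed in, then the limit message.
SAMPLE = [f"Jun 25 04:07:{12 + p // 20} gw /kernel: ipfw: 2600 Deny TCP 203.0.113.7:{1420 + p} 192.0.2.1:{p} via de0"
          for p in range(2, 26)]
SAMPLE.insert(5, "Jun 25 04:07:12 gw /kernel: ipfw: 2600 Deny TCP 198.51.100.9:40001 192.0.2.1:25 via de0")
SAMPLE.append("Jun 25 04:07:15 gw /kernel: ipfw: limit reached on rule #2600")
```

For live use, pass `sys.stdin` to `run()` (or print each `feed()` result as it arrives) and pipe in `tail -f` of whichever syslog file receives the kernel's ipfw messages; raise the verbose limit or reset the log counters when the BLIND alert fires, or the scan's tail is simply never recorded.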