Date: Fri, 28 May 1999 02:50:07 -0700
From: "Jan B. Koum" <jkb@best.com>
To: ark@eltex.ru
Cc: dada@sbox.tu-graz.ac.at, security@FreeBSD.ORG
Subject: Re: TCP connect data logger
Message-ID: <19990528025007.C15594@best.com>
In-Reply-To: <199905280942.NAA13537@paranoid.eltex.spb.ru>; from ark@eltex.ru on Fri, May 28, 1999 at 01:42:56PM +0400
References: <19990528023139.A15594@best.com> <199905280942.NAA13537@paranoid.eltex.spb.ru>

On Fri, May 28, 1999 at 01:42:56PM +0400, ark@eltex.ru wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> nuqneH,
>
> I remember a patch was posted here to log all TCP packets that are not part
> of some known sequence. Really simple thing.

Are you talking about http://www.best.com/~jkb/tcp_input.diff.txt
one? I need to make it better .. I don't think it handles fast scan
rate on 100base network well.

-- Yan

> > You should also note that net.inet.tcp.log_in_vain will ONLY log
> > packets which have SYN bit set. That sucks if you get port scanned by
> > something like nmap which can use FIN scan for example. (Or some other
> > stealth scanning technique).

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990528025007.C15594>
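
The logging gap described in the message above, as an added example (not part of the original message, the linked patch, or FreeBSD's source): it models a SYN-only logging check as the message describes it and compares it with a hypothetical classifier over constructed TCP flag bytes for segments that matched no socket. The function names `syn_only_logs`, `classify_unmatched`, `count_missed` and the `SAMPLE` data are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bit values as in <netinet/tcp.h>; redefined here so this builds anywhere. */
#define F_FIN 0x01
#define F_SYN 0x02
#define F_RST 0x04
#define F_PSH 0x08
#define F_ACK 0x10
#define F_URG 0x20

/* Model of the SYN-only behaviour the message describes (an assumption, not kernel code). */
static int syn_only_logs(uint8_t flags) { return (flags & F_SYN) != 0; }

/* Hypothetical classifier for a segment that matched no listening or connected socket. */
static const char *classify_unmatched(uint8_t flags) {
    flags &= 0x3f;                               /* keep the six classic flag bits */
    if (flags & F_RST) return "rst";             /* reply traffic, not worth logging */
    if (flags & F_SYN) return "syn";
    if (flags == 0) return "null";
    if (flags == F_FIN) return "fin";
    if (flags == (F_FIN | F_PSH | F_URG)) return "xmas";
    if (flags & F_ACK) return "ack";
    return "other";
}

/* Count non-RST unmatched segments that a SYN-only logger never records. */
static int count_missed(const uint8_t *flags, size_t n) {
    int missed = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(classify_unmatched(flags[i]), "rst") == 0) continue;
        if (!syn_only_logs(flags[i])) missed++;
    }
    return missed;
}

/* Constructed sample: flag bytes of segments sent to ports with no listener. */
static const uint8_t SAMPLE[] = { F_SYN, F_FIN, 0, F_FIN|F_PSH|F_URG, F_ACK, F_RST, F_SYN|F_ACK };

int main(void) {
    size_t n = sizeof SAMPLE / sizeof SAMPLE[0];
    for (size_t i = 0; i < n; i++)
        printf("flags=0x%02x type=%-5s syn_only_logs=%d\n", SAMPLE[i],
               classify_unmatched(SAMPLE[i]), syn_only_logs(SAMPLE[i]));
    printf("missed by SYN-only logging: %d of %zu\n", count_missed(SAMPLE, n), n);
    return 0;
}
```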