On 10/5/05, jmulkerin <[EMAIL PROTECTED]> wrote:
> How about using snort and guardian. Guardian.pl will add an ipfw rule
> each time it sees an alert from Snort. You'll need to adjust the snort
> rules for what you want to alert on but it's a pretty safe and
> lightweight asset. (just my novice 2
On 10/5/05, Alex de Kruijff <[EMAIL PROTECTED]> wrote:
> On Thu, Sep 29, 2005 at 11:45:42AM -0400, Bob Johnson wrote:
> > In FreeBSD 5.4R, I tried an IPFW configuration that includes something
> > like this (plus a lot of other rules):
> >
> >check-state
> >deny tcp from any to any establis
How about using snort and guardian. Guardian.pl will add an ipfw rule
each time it sees an alert from Snort. You'll need to adjust the snort
rules for what you want to alert on but it's a pretty safe and
lightweight asset. (just my novice 2 cents...)
John
Alex de Kruijff wrote:
On Thu, S
On Thu, Sep 29, 2005 at 11:45:42AM -0400, Bob Johnson wrote:
> In FreeBSD 5.4R, I tried an IPFW configuration that includes something
> like this (plus a lot of other rules):
>
>check-state
>deny tcp from any to any established
>allow log tcp from any to ${my-ip} dst-port 22 setup limi
In FreeBSD 5.4R, I tried an IPFW configuration that includes something
like this (plus a lot of other rules):
check-state
deny tcp from any to any established
allow log tcp from any to ${my-ip} dst-port 22 setup limit src-addr 3
+ other rules that use keep-state
When I do this, _every_ s
On Mon, Sep 20, 2004 at 10:27:22PM -0500, Eric F Crist wrote:
> Hello all,
>
> I may no longer be subscribed, as I've had some mail server problems (I
> moved), so please reply to me, as well.
>
> IPFW used to log all entries with the 'log' included in the rule, but
> randomly, to me, anyways,
On Mon, Sep 20, 2004 at 10:27:22PM -0500, Eric F Crist wrote:
> IPFW used to log all entries with the 'log' included in the rule, but
> randomly, to me, anyways, stopped doing so. I can't seem to get it to
> continue logging.
>
> Does anyone have any insight? I'm running FreeBSD 4.10 from ab
Hello all,
I may no longer be subscribed, as I've had some mail server problems (I
moved), so please reply to me, as well.
IPFW used to log all entries with the 'log' included in the rule, but
randomly, to me, anyways, stopped doing so. I can't seem to get it to
continue logging.
Does anyone
- Original Message -
From: "Zoran Kolic" <[EMAIL PROTECTED]>
Sent: Sunday, November 02, 2003 9:39 PM
>Dear Drew!
>You are absolutely right.
> I made another rule:
>
> allow log tcp from any to any out setup keep-state
>
> and got 30K log in /var/log/security. This file was unto