On 5/3/05, Gary <gary at kryptic dash x dot com> wrote:
> Hey all,
>
> I finally got all the logging to work with my freebsd 4.11 box using
> syslogd. Now I was looking thru the firewall logs and noticed that the rules
> are logged correctly but was hoping to see a few things. For one: I was
> wondering if there was a way to make the rules show if the packet was
> allowed or denied
>

That's there. See the section of this page:
http://www.daemon-systems.org/man/ipmon.8.html
under "Messages generated by ipmon consist of whitespace separated fields. Fields common to all messages are:"

> and Two: I wanted to know if there was any way to make the
> firewall more intelligent. For instance, I did a port scan of my first 1100
> ports and m0n0wall just logged all the traffic. Is there any way for it to
> see this port sweep and block that IP sort of like portsentry?
>

Not at this point, though Manuel has it on the wish list. I don't see it of much worth. Anybody that all out port scans you is nothing more than a script kiddie (way too noisy for a real attacker), and any serious attacker is going to do reconnaissance from a different system than he attacks from, so that wouldn't buy you much of anything.

-Chris
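An added example, not part of the original thread or of m0n0wall: a log-review script that reads the pass/block action field described in ipmon(8) and counts distinct blocked destination ports per source address. The sample lines are constructed, and the function names and the `min_ports` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Action codes listed in ipmon(8) for the field that follows @group:rule.
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}

# Constructed sample syslog lines (documentation addresses, made-up rule numbers).
SAMPLE_LOG = """\
May  3 10:15:01 fw ipmon[85]: 10:15:01.102030 fxp0 @0:12 b 203.0.113.7,40001 -> 192.0.2.10,21 PR tcp len 20 60 -S IN
May  3 10:15:01 fw ipmon[85]: 10:15:01.108211 fxp0 @0:12 b 203.0.113.7,40002 -> 192.0.2.10,22 PR tcp len 20 60 -S IN
May  3 10:15:01 fw ipmon[85]: 10:15:01.113950 fxp0 @0:12 b 203.0.113.7,40003 -> 192.0.2.10,23 PR tcp len 20 60 -S IN
May  3 10:15:02 fw ipmon[85]: 10:15:02.004417 fxp0 @0:3 p 198.51.100.4,51514 -> 192.0.2.10,80 PR tcp len 20 60 -S IN
May  3 10:15:03 fw ipmon[85]: 10:15:03.250001 fxp0 @0:12 b 198.51.100.9 -> 192.0.2.10 PR icmp len 20 84 icmp echo/0 IN
"""

# interface, @group:rule, action, src[,port] -> dst[,port], PR protocol
LINE_RE = re.compile(
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>[pbSnL]) "
    r"(?P<src>[^,\s]+)(?:,(?P<sport>\S+))? -> "
    r"(?P<dst>[^,\s]+)(?:,(?P<dport>\S+))? PR (?P<proto>\S+)"
)

def parse_line(line):
    """Return the ipmon fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["verdict"] = ACTIONS[rec["action"]]
    return rec

def blocked_ports_by_source(lines):
    """Map each source address to the set of destination ports it was blocked on."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        # Port-less protocols such as ICMP have no dport and are skipped.
        if rec and rec["action"] == "b" and rec["dport"]:
            ports[rec["src"]].add(rec["dport"])
    return dict(ports)

def sweep_sources(lines, min_ports=3):
    """Sources blocked on at least min_ports distinct destination ports."""
    counts = blocked_ports_by_source(lines)
    return sorted(src for src, seen in counts.items() if len(seen) >= min_ports)

if __name__ == "__main__":
    for rec in filter(None, map(parse_line, SAMPLE_LOG.splitlines())):
        print(rec["src"], "->", rec["dst"], rec["dport"], rec["proto"], rec["verdict"])
    print("many blocked ports:", sweep_sources(SAMPLE_LOG.splitlines()))
```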