On Thu, 12 Feb 2004 11:12:53 -0500 Dragoncrest <[EMAIL PROTECTED]> granted us these pearls of wisdom:
> For the past couple of days I've had someone on our lan port scanning my > box. Not sure what's up with that, but I'm curious if there's a way to log > what IP address this is coming from. I don't have IPFW enabled yet as I > haven't had the time to configure it at this point as it's currently behind > the company firewall on our T3. Is there a way to log where it's coming > from? Or is that already being logged somewhere? I wonder if you might get some benefit from a couple of simple IPF rules and a quick portsentry install. /etc/ipf.rules pass in log on interface0 from any to any pass out log on interface0 from IP to any with the appropriate startup would give you a good idea of the IP address the scan is comming from. Whether your DHCP server admin will tell you who that address is is a different matter. HTH LK _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"