> When using a UNIX box (e.g. a SUN) for a firewall, it would be nice to have a
> daemon listening at ALL UDP and TCP ports in order to see who is knocking on
> the door... and where! How can this be done? Any pointers are appreciated.
You can't easily do ALL of them, but you can cover the interesting-looking
tcp ports via inetd. I'm using tcpd, and I have a pile of extra entries in
inetd.conf for nonexistent daemons:
exec stream tcp nowait nouser /usr/local/etc/tcpd no-exec
uucp stream tcp nowait nouser /usr/local/etc/tcpd no-uucp
rje stream tcp nowait nouser /usr/local/etc/tcpd no-rje
link stream tcp nowait nouser /usr/local/etc/tcpd no-link
sunrpc stream tcp nowait nouser /usr/local/etc/tcpd no-sunrpc
sftp stream tcp nowait nouser /usr/local/etc/tcpd no-sftp
printer stream tcp nowait nouser /usr/local/etc/tcpd no-printer
nterm stream tcp nowait nouser /usr/local/etc/tcpd no-nterm
etc. When somebody connects to one of those ports and it can't start the
corresponding (nonexistent) daemon, tcpd logs a complaint with the name of
the daemon.
On a Sun you can probably extend this to UDP; I'm on a SysV where tcpd
can't handle UDP connections correctly.
-- 
Tom Fitzgerald    Wang Labs    fitz@wang.com
1-508-967-5278    Lowell MA, USA    "I went to the universe today; It was closed...."
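The inetd/tcpd trick above, as an added example that is not part of Tom's post: a small Python listener that binds a list of otherwise-unused TCP and UDP ports, accepts (or receives) each knock, logs the peer address and the port's service name in a tcpd-style line, and drops the connection, which is all the "nonexistent daemon" entries in the post achieve. It also covers UDP, which the post says tcpd could not do on SysV. The port-to-name table, the log line format, and every function and class name here are assumptions for this example, not tcpd's own behaviour.

```python
import datetime
import selectors
import socket
import time

# Assumed port -> service-name table, mirroring the fake inetd.conf entries
# in the post (constructed for this example, not taken from any real config).
DEFAULT_NAMES = {512: "exec", 540: "uucp", 77: "rje", 87: "link",
                 111: "sunrpc", 115: "sftp", 515: "printer", 1026: "nterm"}


def format_knock(proto, local_port, peer, names=DEFAULT_NAMES, now=None):
    """One syslog-style line in the spirit of tcpd's complaint about a
    missing daemon (format is assumed).  `now` is a preformatted timestamp."""
    ts = now or datetime.datetime.now().strftime("%b %d %H:%M:%S")
    name = names.get(local_port, "unknown")
    return "%s portlogger: no-%s: connect from %s:%d to %s port %d" % (
        ts, name, peer[0], peer[1], proto, local_port)


class PortLogger:
    """Bind every requested port, log each knock, never serve anything."""

    def __init__(self, tcp_ports, udp_ports, host="127.0.0.1",
                 names=DEFAULT_NAMES):
        self.sel = selectors.DefaultSelector()
        self.names = names
        self.records = []
        self.listeners = {}                     # (proto, bound port) -> socket
        for port in tcp_ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((host, port))
            s.listen(16)
            s.setblocking(False)
            self.sel.register(s, selectors.EVENT_READ, "tcp")
            self.listeners[("tcp", s.getsockname()[1])] = s
        for port in udp_ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.bind((host, port))
            s.setblocking(False)
            self.sel.register(s, selectors.EVENT_READ, "udp")
            self.listeners[("udp", s.getsockname()[1])] = s

    def ports(self, proto):
        """Bound ports for 'tcp' or 'udp' (a requested port 0 resolves here)."""
        return sorted(p for (pr, p) in self.listeners if pr == proto)

    def serve_once(self, timeout=1.0):
        """Handle whatever is pending; return the records added."""
        new = []
        for key, _ in self.sel.select(timeout):
            sock, proto = key.fileobj, key.data
            local_port = sock.getsockname()[1]
            try:
                if proto == "tcp":
                    conn, peer = sock.accept()
                    conn.close()          # like the nonexistent daemon: log, drop
                else:
                    _, peer = sock.recvfrom(4096)   # one datagram is one knock
            except (BlockingIOError, ConnectionError):
                continue                  # spurious wakeup or peer reset
            rec = {"proto": proto, "port": local_port, "peer": peer,
                   "line": format_knock(proto, local_port, peer, self.names)}
            new.append(rec)
            self.records.append(rec)
        return new

    def serve_until(self, count, timeout=5.0):
        """Collect records until `count` are seen or `timeout` seconds pass."""
        deadline = time.monotonic() + timeout
        got = []
        while len(got) < count:
            left = deadline - time.monotonic()
            if left <= 0:
                break
            got.extend(self.serve_once(timeout=left))
        return got

    def close(self):
        for s in self.listeners.values():
            self.sel.unregister(s)
            s.close()
        self.sel.close()


def knock_tcp(host, port):
    """Client side of a TCP knock: connect and immediately hang up."""
    socket.create_connection((host, port), timeout=2).close()


def knock_udp(host, port, payload=b"?"):
    """Client side of a UDP knock: send one datagram."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.sendto(payload, (host, port))
    s.close()


if __name__ == "__main__":
    import sys
    # Usage: python portlogger.py 512 540 515 ...  (root needed for ports < 1024)
    wanted = [int(a) for a in sys.argv[1:]] or [2512, 2540]
    logger = PortLogger(wanted, wanted, host="0.0.0.0")
    try:
        while True:
            for r in logger.serve_once(timeout=None):
                print(r["line"])
    except KeyboardInterrupt:
        logger.close()
```

As with the inetd entries, only bind ports that nothing on the host legitimately uses, otherwise the real service loses them; and because the listener completes the TCP handshake before dropping, a scanner sees those ports as open, which is the same trade-off the tcpd approach makes.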