    FreeBSD Kernel Mods and User Programs to Log Suspicious Net Activity

		Warren Toomey		wkt@tuhs.org

This directory contains some programs and kernel modifications to FreeBSD 2.x
which log suspicious network activity. These programs are described in
the paper auugnetpaper.ps.gz. You should find the following:

brieflog			- Summarise the security info in log files.
kernmods.tar.gz			- Kernel mods to FreeBSD to log net activity.
pktsuckers.tar.gz		- Daemons to log data on suspicious ports.
wktportmopper.tar.gz		- A portmapper to log suspicious RPC requests.
syslogd.tar.gz			- FreeBSD 2.1's syslogd with extensions to
				  use an alternate UDP port.
tcp_wrappers_7.2.tar.gz		- Wietse Venema's great TCP Wrappers program.

For those interested in the TCP sequence number changes, the sequence numbers
and timestamps recorded on Minnie (the host) can be found in the tcp_seq* files.
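The reason those sequence number samples are worth keeping is the weakness
described in the Morris and Bellovin papers listed below: if a host's initial
sequence numbers (ISNs) grow at a steady rate, an attacker who has seen one can
guess the next and forge a connection without ever seeing the reply. The script
below is an added example for this README, not one of the programs in this
directory. It assumes a log format of one "<unix-seconds> <isn>" pair per line
(the tcp_seq* files may be laid out differently, so adapt parse_isn_log() to
suit), and it builds its own constructed sample data: one series mimicking the
4.2BSD generator as Bellovin describes it (128 added per second, 64 per
connection; the per-second tick is simplified here), and one drawing ISNs at
random.

```python
"""Estimate how predictable a host's TCP initial sequence numbers (ISNs) are
from a log of (timestamp, ISN) pairs, one connection per line.

Added example for this README, not one of the programs in this directory.
It assumes a log format of '<unix-seconds> <isn>' per line; the tcp_seq*
files may be laid out differently, so adapt parse_isn_log() as needed.
"""
import random
import statistics
from typing import List, Tuple

MOD32 = 1 << 32          # TCP sequence numbers live on a 32-bit circle
Sample = Tuple[float, int]


def parse_isn_log(text: str) -> List[Sample]:
    """Parse '<seconds> <isn>' lines. '#' starts a comment; blank lines are skipped."""
    samples: List[Sample] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        stamp, isn = line.split()
        samples.append((float(stamp), int(isn, 0) % MOD32))   # int(x, 0): decimal or 0x.. hex
    return samples


def seq_delta(a: int, b: int) -> int:
    """Signed distance from a to b modulo 2^32 (the usual TCP before/after test)."""
    d = (b - a) % MOD32
    return d - MOD32 if d >= MOD32 // 2 else d


def estimate_rate(samples: List[Sample]) -> float:
    """Median ISN growth per second between consecutive connections."""
    rates = [seq_delta(p[1], q[1]) / (q[0] - p[0])
             for p, q in zip(samples, samples[1:]) if q[0] > p[0]]
    if not rates:
        raise ValueError("need at least two samples with increasing timestamps")
    return statistics.median(rates)


def predictability(samples: List[Sample], window: int = 1 << 16) -> float:
    """Guess each ISN from the previous sample plus rate * elapsed time; return the
    fraction of guesses landing within `window` of the real ISN. Near 1.0 means an
    attacker who has seen one ISN can forge the next connection's handshake."""
    rate = estimate_rate(samples)
    hits = 0
    for (t0, isn0), (t1, isn1) in zip(samples, samples[1:]):
        guess = (isn0 + round(rate * (t1 - t0))) % MOD32
        if abs(seq_delta(guess, isn1)) <= window:
            hits += 1
    return hits / (len(samples) - 1)


# --- constructed sample data (not real captures) ----------------------------

def bsd42_style_log(n: int = 50, start_isn: int = MOD32 - 5000, seed: int = 1) -> str:
    """Mimic the 4.2BSD generator Bellovin describes: +128 per second tick and +64
    per connection. start_isn is chosen so the counter wraps past 2^32 mid-run."""
    rng = random.Random(seed)
    t, isn, lines = 0.0, start_isn, []
    for _ in range(n):
        t_next = t + rng.uniform(0.2, 3.0)
        isn = (isn + 128 * (int(t_next) - int(t)) + 64) % MOD32
        t = t_next
        lines.append(f"{t:.3f} {isn}")
    return "\n".join(lines)


def random_isn_log(n: int = 200, seed: int = 1) -> str:
    """A generator drawing ISNs uniformly at random, the opposite extreme."""
    rng = random.Random(seed)
    t, lines = 0.0, []
    for _ in range(n):
        t += rng.uniform(0.2, 3.0)
        lines.append(f"{t:.3f} {rng.getrandbits(32)}")
    return "\n".join(lines)


if __name__ == "__main__":
    for name, log in (("4.2BSD-style", bsd42_style_log()), ("random", random_isn_log())):
        s = parse_isn_log(log)
        print(f"{name:12s} rate={estimate_rate(s):9.1f}/s  predictable={predictability(s):.2%}")
```

The window of 2^16 is deliberately generous: a forged segment only has to land
inside the victim's receive window, not hit the ISN exactly, so a generator
whose next value is guessable to within a few thousand is already broken.
The counter-style series scores 100% even though it wraps around 2^32 during
the run; the random series scores essentially zero.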

This directory also contains several papers. Here is a BibTeX listing of the
papers with the filename:

@inproceedings{toomey:netmonitoring,
  author =      "W. Toomey",
  title =       "{\it Monitoring Network Connection Attempts
                        on a FreeBSD Server}",
  booktitle =   "Proceedings of the 1996 Canberra AUUG Summer Conference",
  year =        "1996",
  month =       jan,
  file =        "auugnetpaper.ps.gz"
}

@inproceedings{bellovin:bedragons,
  author =      "S. Bellovin",
  title =       "{\it There Be Dragons}",
  booktitle =   "Proceedings of the 3rd Usenix UNIX Security Symposium",
  year =        "1992",
  file =        "dragon.ps.gz"
}

@misc{morris:tcpweakness,
  author =      "R. T. Morris",
  title =       "{\it A Weakness in the 4.2BSD Unix TCP/IP Software}",
  note =        "Ftp'd from {\tt research.att.com}.",
  year =        1985,
  file =        "117.ps.gz"
}

@article{bellovin:tcpsecurity,
  author=	"S. M. Bellovin",
  title=	"{\it Security Problems in the TCP/IP Protocol Suite}",
  journal=	"Computer Communication Review",
  year=		1989,
  volume=	19,
  number=	2,
  pages=	"32-48",
  month=	apr,
  file =	"ipext.ps.gz"
}
