RE: detecting portscanning

To: Ed Street <blacknet@phenixcable.net>
Cc: <debian-security@lists.debian.org>
Subject: RE: detecting portscanning
From: Rudy Gevaert <webworm@zeus.rug.ac.be>
Date: Fri, 25 May 2001 00:56:45 +0200 (CEST)
Message-id: <Pine.LNX.4.33.0105250054480.8726-100000@zeus.rug.ac.be>
In-reply-to: <GCEGLPFGDCACHENIJHDDMEAJCDAA.blacknet@phenixcable.net>

On Thu, 24 May 2001, Ed Street wrote:

> Hello,
>
> there's several methods to tell that.
>
> a) use a product like portsentry
> b) use iptables/ipchains to reject all forms of portscans
> c) don't connect the box to the inet as portscans are a fact of life ;)
>
> portsentry will trashcan any system that attempts to portscan you.  If your
> using 2.2.x you may want to put on the stealth kernel patch (freshmeat.net
> search for stealth) that helps hinder scans
>
> iptables has an awsome mechanism for portscans ;)  in fact you can set it up
> so that all portscans (well most I should say) will literaly take HOURS to
> return nothing.
>
Ok thanks,

I'll use iptable when I got my network running.  Now it is just a
standalone box.  I'm running ippl and it logs the most things.  It will
work for now I think ;)

Thanks to everyone for all the help!

Greetings,

Rudy
-- 
 ____  ___  _   _  ___
|_  / / _ \| | | |/ __|  e:Rudy@zeus.rug.ac.be phone: 0486/690159
 / / |  __/| |_| |\__ \  url: http://studwww.rug.ac.be/~rgevaert/
/___| \___| \__,_||___/  http://zeus.rug.ac.be

Reply to:

References:
- RE: detecting portscanning
  - From: "Ed Street" <blacknet@phenixcable.net>

Prev by Date: RE: detecting portscanning
Next by Date: RE: detecting portscanning
Previous by thread: RE: detecting portscanning
Next by thread: RE: detecting portscanning
Index(es):
- Date
- Thread