Re: detecting portscanning

To: debian-security@lists.debian.org
Subject: Re: detecting portscanning
From: Vladislav <hugevlad@yahoo.com>
Date: Fri, 25 May 2001 00:57:40 -0700 (PDT)
Message-id: <20010525075740.55382.qmail@web11703.mail.yahoo.com>
In-reply-to: <Pine.LNX.4.33.0105250926480.13461-100000@zeus.rug.ac.be>

Hello,
--- Rudy Gevaert <webworm@zeus.rug.ac.be> wrote:

> > Check out www.snort.org. Snort capable to detect
> > portscans. Note, that not only portscans, but
[skip]
> Could I use this with ippl?  Or just on portscanning
> system?
As you wish, but you don`t needed any additional
ip-logging systems, when you use snort. You can log
only headers, you can log full packets in various
formats (text, syslog, tcpdump-compatible etc, include
logging into sql-base).
Snort is a libpcap-based packet sniffer/logger which
can be used as a lightweight network intrusion
detection system. It features rules based logging and
can perform content searching/matching in addition to
being used to detect a variety of other attacks and
probes, such as buffer overflows, stealth port scans,
CGI attacks, SMB probes, and much more. Snort has a
real-time alerting capability, with alerts being sent
to syslog, a separate "alert" file, or even to a
Windows computer via Samba. 
When I installed snort on my computer, I delete
tcplogd, icmplog, and other such systems.


=====
Regards, Vladislav. ---> http://cybervlad.port5.com

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/

Reply to:

References:
- Re: detecting portscanning
  - From: Rudy Gevaert <webworm@zeus.rug.ac.be>

Prev by Date: RE: Problem with logging firewall packets
Next by Date: Re: Problem with logging firewall packets
Previous by thread: Re: detecting portscanning
Next by thread: X & tcp listening
Index(es):
- Date
- Thread