RE: detecting portscanning
Hello,
there's several methods to tell that.
a) use a product like portsentry
b) use iptables/ipchains to reject all forms of portscans
c) don't connect the box to the inet as portscans are a fact of life ;)
portsentry will trashcan any system that attempts to portscan you. If your
using 2.2.x you may want to put on the stealth kernel patch (freshmeat.net
search for stealth) that helps hinder scans
iptables has an awsome mechanism for portscans ;) in fact you can set it up
so that all portscans (well most I should say) will literaly take HOURS to
return nothing.
Ed
-----Original Message-----
From: Rudy Gevaert [mailto:webworm@zeus.rug.ac.be]
Sent: Thursday, May 24, 2001 4:17 PM
To: debian-security@lists.debian.org
Subject: detecting portscanning
Hello Everyone,
It is my first time i'm putting up a server (at home, cable modem) with
ftp/ssh/apache on it.
Now I would like to know who does portscans on my machine, and when. And
how many.
Is there a package for it in debian? Or do I have to install something
else.
Thanks in advance,
Rudy
--
____ ___ _ _ ___
|_ / / _ \| | | |/ __| e:Rudy@zeus.rug.ac.be phone: 0486/690159
/ / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/
/___| \___| \__,_||___/ http://zeus.rug.ac.be
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: