[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: detecting portscanning


there's several methods to tell that.

a) use a product like portsentry
b) use iptables/ipchains to reject all forms of portscans
c) don't connect the box to the inet as portscans are a fact of life ;)

portsentry will trashcan any system that attempts to portscan you.  If your
using 2.2.x you may want to put on the stealth kernel patch (freshmeat.net
search for stealth) that helps hinder scans

iptables has an awsome mechanism for portscans ;)  in fact you can set it up
so that all portscans (well most I should say) will literaly take HOURS to
return nothing.


-----Original Message-----
From: Rudy Gevaert [mailto:webworm@zeus.rug.ac.be]
Sent: Thursday, May 24, 2001 4:17 PM
To: debian-security@lists.debian.org
Subject: detecting portscanning

Hello Everyone,

It is my first time i'm putting up a server (at home, cable modem) with
ftp/ssh/apache on it.

Now I would like to know who does portscans on my machine, and when.  And
how many.

Is there a package for it in debian?  Or do I have to install something

Thanks in advance,

 ____  ___  _   _  ___
|_  / / _ \| | | |/ __|  e:Rudy@zeus.rug.ac.be phone: 0486/690159
 / / |  __/| |_| |\__ \  url: http://studwww.rug.ac.be/~rgevaert/
/___| \___| \__,_||___/  http://zeus.rug.ac.be

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Reply to: