RE: detecting portscanning
On Thu, 24 May 2001, Ed Street wrote:
> there's several methods to tell that.
> a) use a product like portsentry
> b) use iptables/ipchains to reject all forms of portscans
> c) don't connect the box to the inet as portscans are a fact of life ;)
> portsentry will trashcan any system that attempts to portscan you. If your
> using 2.2.x you may want to put on the stealth kernel patch (freshmeat.net
> search for stealth) that helps hinder scans
> iptables has an awsome mechanism for portscans ;) in fact you can set it up
> so that all portscans (well most I should say) will literaly take HOURS to
> return nothing.
I'll use iptable when I got my network running. Now it is just a
standalone box. I'm running ippl and it logs the most things. It will
work for now I think ;)
Thanks to everyone for all the help!
____ ___ _ _ ___
|_ / / _ \| | | |/ __| e:Rudy@zeus.rug.ac.be phone: 0486/690159
/ / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/
/___| \___| \__,_||___/ http://zeus.rug.ac.be