Re: detecting portscanning
--- Rudy Gevaert <firstname.lastname@example.org> wrote:
> > Check out www.snort.org. Snort is capable of detecting
> > portscans. Note, that not only portscans, but
> Could I use this with ippl? Or just on portscanning
As you wish, but you don't need any additional
IP-logging systems when you use snort. You can log
only headers, or you can log full packets in various
formats (text, syslog, tcpdump-compatible, etc., including
logging into an SQL database).
Snort is a libpcap-based packet sniffer/logger which
can be used as a lightweight network intrusion
detection system. It features rules based logging and
can perform content searching/matching in addition to
being used to detect a variety of other attacks and
probes, such as buffer overflows, stealth port scans,
CGI attacks, SMB probes, and much more. Snort has a
real-time alerting capability, with alerts being sent
to syslog, a separate "alert" file, or even to a
Windows computer via Samba.
When I installed snort on my computer, I deleted
tcplogd, icmplog, and other such systems.
Regards, Vladislav. ---> http://cybervlad.port5.com