
Re: detecting portscanning

--- Rudy Gevaert <webworm@zeus.rug.ac.be> wrote:

> > Check out www.snort.org. Snort is capable of detecting
> > portscans. Note, that not only portscans, but
> Could I use this with ippl?  Or just on portscanning
> system?
As you wish, but you don't need any additional
IP-logging systems when you use Snort. You can log
only headers, or you can log full packets in various
formats (text, syslog, tcpdump-compatible, etc., including
logging into an SQL database).
Snort is a libpcap-based packet sniffer/logger which
can be used as a lightweight network intrusion
detection system. It features rules based logging and
can perform content searching/matching in addition to
being used to detect a variety of other attacks and
probes, such as buffer overflows, stealth port scans,
CGI attacks, SMB probes, and much more. Snort has a
real-time alerting capability, with alerts being sent
to syslog, a separate "alert" file, or even to a
Windows computer via Samba. 
When I installed Snort on my computer, I deleted
tcplogd, icmplog, and other such systems.

Regards, Vladislav. ---> http://cybervlad.port5.com
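
The kind of threshold check a portscan detector applies to logged packet headers, as an added example that is not part of the original message and is not Snort's code: it flags a source that sends bare SYNs to several distinct ports on one host within a short window. The log format, the sample lines and the thresholds (4 ports in 3 seconds) are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed header-only log lines (hypothetical format, not Snort output):
# <epoch seconds> <src ip>:<src port> -> <dst ip>:<dst port> <TCP flags>
SAMPLE_LOG = """\
1000.0 192.0.2.10:40001 -> 10.0.0.5:21 S
1000.2 192.0.2.10:40002 -> 10.0.0.5:22 S
1000.4 192.0.2.10:40003 -> 10.0.0.5:23 S
1000.5 198.51.100.7:51000 -> 10.0.0.5:80 S
1000.6 192.0.2.10:40004 -> 10.0.0.5:25 S
1000.8 192.0.2.10:40005 -> 10.0.0.5:80 S
1030.0 198.51.100.7:51001 -> 10.0.0.5:80 S
1060.0 198.51.100.7:51002 -> 10.0.0.5:443 S
1100.0 truncated-record
"""

def parse_line(line):
    """Return (time, src_ip, dst_ip, dst_port, flags), or None if malformed."""
    try:
        ts, src, arrow, dst, flags = line.split()
        if arrow != "->":
            return None
        src_ip = src.rsplit(":", 1)[0]
        dst_ip, dst_port = dst.rsplit(":", 1)
        return float(ts), src_ip, dst_ip, int(dst_port), flags
    except ValueError:
        return None

def detect_portscans(log_text, min_ports=4, window=3.0):
    """Map (src, dst) -> (alert time, ports) for sources probing many ports quickly."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (time, port)
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[4] != "S":  # only bare SYNs count as probes
            continue
        ts, src, dst, port, _ = rec
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and ts - q[0][0] > window:  # drop probes older than the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports and (src, dst) not in alerts:
            alerts[(src, dst)] = (ts, sorted(ports))
    return alerts

if __name__ == "__main__":
    print(detect_portscans(SAMPLE_LOG))
```

The slow client at 198.51.100.7 touches two ports over a minute and is not flagged, which is the trade-off of a fixed window: a scan paced slower than the window goes unnoticed by this check.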
