Re: Checking port scanning?
Re,
"Noah L. Meyerhans" wrote:
> On Thu, Mar 22, 2001 at 08:31:53AM -0600, Brooks R. Robinson wrote:
>
> > You may also want to try iplogger. Not only will this show ALL the ports in
> > use, not just the ones you select in portsentry. Also, portsentry actually
> > listens on those ports it is monitoring, so if you nmap yourself for
> > security leaks, you'll see a plethora of ports open, don't freak.
>
> IIRC iplogger was obsoleted by ippl. There were some issues with remote
> DoS attacks against hosts running iplogger. Ippl took care of those and
> provides a more flexible logging mechanism. Ippl is one of the very
> first packages I install on any Debian box in my control. Once you've
> configured it right (i.e. told it not to log normal traffic like smtp
> connections) the output can be very interesting.
>
you even should try snort. even a nice choice for port scanning and other strange
attacks against your system
MfG Daniel
Reply to: