|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
[Plug] detecting portscans
|
The program that showed me portscans like:
Sep 10 21:41:45 darxus tcplog: port 6141 request from monet
Sep 10 21:41:45 darxus tcplog: port 1991 request from monet
Sep 10 21:41:45 darxus tcplog: port 1409 request from monet
Sep 10 21:41:45 darxus tcplog: port 6141 request from monet
Sep 10 21:41:45 darxus tcplog: port 1991 request from monet
Sep 10 21:41:45 darxus tcplog: port 1507 request from monet
Sep 10 21:41:45 darxus tcplog: port 1068 request from monet
(was portscanning myself this time)
was tcplog. It's in a package called "jail" (apt-get install jail),
which also includes icmplog.
It appears as though it detects portscans even when you've got a fireall
blocking the ports being scanned, and does not cause a portscan to detect
open ports all over the place.
__________________________________________________________________
PGP fingerprint = 03 5B 9B A0 16 33 91 2F A5 77 BC EE 43 71 98 D4
darxus@op.net / http://www.op.net/~darxus
Far Beyond Reason
_______________________________________________
Plug maillist - Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug
|
|