Detect/Alert portscan HELP!!!!

Post by Dave » Tue, 11 Jul 2000 04:00:00



Hi there,

I set up my linux box (SUSE 6.1) being my PPP-Server to the internet.
To provide some sort of security I use IPCHAINS to block any unwanted
intrusions.
After letting all ports I need to the box I deny anything else.
I would like to have my linux box alert me, if e.g. somebody portscans my
box or uses a port explicitly DENIED in IPCHAINS.
Of course I can see anything in /var/log/messages but I was thinking of
something like a mail to root etc.

Anybody have an idea?

Thanks

Dave

--------------
To mail me, remove NOSPAM in email address.

 
 
 


Post by Hartje Brun » Tue, 11 Jul 2000 04:00:00


There are a lot of tools ...
Maybe you want to try this:
http://www.psionic.com/abacus/portsentry/

Hartje

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

Detect/Alert portscan HELP!!!!:
> Hi there,
> I set up my linux box (SUSE 6.1) being my PPP-Server to the internet.
> To provide some sort of security I use IPCHAINS to block any unwanted
> intrusions.
> After letting all ports I need to the box I deny anything else.
> I would like to have my linux box alert me, if e.g. somebody portscans my
> box or uses a port explicitly DENIED in IPCHAINS.
> Of course I can see anything in /var/log/messages but I was thinking of
> something like a mail to root etc.
> Anybody have an idea?
> Thanks
> Dave
> --------------
> To mail me, remove NOSPAM in email address.
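
One way to turn the DENY entries in /var/log/messages into a mail for root, as an added example that is not part of the original posts and is not how portsentry works. It assumes the deny rules are logged with `-l` and that the kernel writes the usual `Packet log:` line; the sample lines, host name, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from email.message import EmailMessage

# Kernel line written for ipchains rules that carry -l (format assumed here).
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: "
                  r"\S+ (?:DENY|REJECT) \S+ PROTO=\d+ "
                  r"(?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+) ")

# Constructed sample: one host probing five ports, one host repeating a
# single port, and one unrelated syslog line.
SAMPLE = [f"Jul 10 21:14:0{i} gate kernel: Packet log: input DENY ppp0 PROTO=6 "
          f"203.0.113.7:4021 192.0.2.10:{p} L=44 S=0x00 I=3011 F=0x0000 T=52 SYN (#7)"
          for i, p in enumerate((21, 23, 25, 110, 111))]
SAMPLE += [f"Jul 10 21:1{i}:30 gate kernel: Packet log: input DENY ppp0 PROTO=17 "
           f"198.51.100.9:137 192.0.2.10:137 L=78 S=0x00 I=99 F=0x0000 T=110 (#7)"
           for i in range(3)]
SAMPLE.append("Jul 10 21:20:00 gate pppd[231]: rcvd [LCP EchoReq id=0x1]")

def parse(line, year=2000):
    # syslog timestamps carry no year, so the caller supplies one.
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dport"])

def find_scanners(lines, min_ports=5, window=timedelta(seconds=60)):
    """Map each source denied on >= min_ports distinct ports within window to those ports."""
    hits = defaultdict(list)
    for ts, src, dport in filter(None, map(parse, lines)):
        hits[src].append((ts, dport))
    scanners = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                      # slide the window forward
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners

def build_alert(scanners, rcpt="root@localhost"):
    msg = EmailMessage()
    msg["To"] = rcpt
    msg["Subject"] = "ipchains: possible portscan from " + ", ".join(sorted(scanners))
    msg.set_content("\n".join(f"{s}: denied ports {p}" for s, p in sorted(scanners.items())))
    return msg
```

Run from cron over the new part of the log, the message returned by `build_alert` can be handed to the local mailer with `smtplib.SMTP("localhost").send_message(msg)`.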


 
 
 

1. Need program to detect outgoing portscans from my network

Hello all,

I need to be able to detect portscans from two servers on my subnet
(these servers are not administered by me, but I can sniff their
traffic)

I've tried snort with mixed results.

By default snort doesn't log scans from my net to external net (only
the other way around)

I tried changing the preprocessor portscan: to any and now I am able
to detect portscans from any machine on my subnet to the outside but
now even web browsing traffic is being picked up as portscans.

So any suggestions would be appreciated.

Thanks
