Hello, there's several methods to tell that.
a) use a product like portsentry b) use iptables/ipchains to reject all forms of portscans c) don't connect the box to the inet as portscans are a fact of life ;) portsentry will trashcan any system that attempts to portscan you. If your using 2.2.x you may want to put on the stealth kernel patch (freshmeat.net search for stealth) that helps hinder scans iptables has an awsome mechanism for portscans ;) in fact you can set it up so that all portscans (well most I should say) will literaly take HOURS to return nothing. Ed -----Original Message----- From: Rudy Gevaert [mailto:[EMAIL PROTECTED] Sent: Thursday, May 24, 2001 4:17 PM To: [email protected] Subject: detecting portscanning Hello Everyone, It is my first time i'm putting up a server (at home, cable modem) with ftp/ssh/apache on it. Now I would like to know who does portscans on my machine, and when. And how many. Is there a package for it in debian? Or do I have to install something else. Thanks in advance, Rudy -- ____ ___ _ _ ___ |_ / / _ \| | | |/ __| e:[EMAIL PROTECTED] phone: 0486/690159 / / | __/| |_| |\__ \ url: http://studwww.rug.ac.be/~rgevaert/ /___| \___| \__,_||___/ http://zeus.rug.ac.be -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
