On Wed, 19 Sep 2001, David Douthitt wrote:
> I've packaged a couple of scripts that tie into PortSentry which page me
> (and send email) every time one tries to connect to a port protected by
> PortSentry.
>
> One sends out a page based on the command line by using an email gateway
> (you'll have to figure out your own).
>
> The other does the work; it sends out the page, as well as formulating a
> big email with all the details possible about the source IP.
>
> This current script will, if the binaries are available, do the
> following (all against the source IP address):
>
> * whois (administrative contacts and IP block owner)
> * dig (name lookup and name servers)
> * traceroute (how long? what routers between here and there?)
> * tcptraceroute (same as traceroute, but uses TCP not ICMP - pierces
> some firewalls)
> * ping (how long does it take to get there?)
> * nmap (what ports do they have open? What are they running?)
>
> The last four also help to identify that this is a REAL host active on
> the network.
>
> The nmap option is in the script but not run by default: some sites
> could classify a nmap probe as hostile behavior (and perhaps illegal
> behavior). The nmap line is commented out.
>
> The package is at
> http://leaf.sourceforge.net/pub/oxygen/packages/alert.lrp
>
> Enjoy!
>
Cool, I installed it -- will let you know how it acts.
--
Jack Coates
Monkeynoodle: A Scientific Venture...
_______________________________________________
Leaf-devel mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-devel
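
The lookup sequence described in the quoted announcement, as an added sketch that is not the code shipped in alert.lrp. It assumes the hook receives the source address as its first argument; the function names and report layout are hypothetical. It checks the address before any tool sees it and skips tools that are not installed.

```shell
#!/bin/sh
# Added example, not from alert.lrp. Function names are hypothetical.

# Accept only a dotted-quad IPv4 address so that nothing else (options,
# shell metacharacters, hostnames) is ever passed to the lookup tools.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets; digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the lookup commands for source address $1, one per line, skipping
# any tool that is not installed. nmap is left out, matching the announced
# default where the nmap line is commented out.
plan_lookups() {
    is_ipv4 "$1" || { echo "rejected source address" >&2; return 1; }
    for spec in "whois" "dig -x" "traceroute -n" "tcptraceroute" "ping -c 3"; do
        tool=${spec%% *}
        command -v "$tool" >/dev/null 2>&1 && echo "$spec $1"
    done
    return 0
}

# Run the planned lookups and print one report suitable for piping to mail.
report() {
    plan=$(plan_lookups "$1") || return 1
    echo "Connection attempt from $1"
    echo "$plan" | while IFS= read -r cmd; do
        [ -n "$cmd" ] || continue
        echo "== $cmd"
        $cmd 2>&1                  # safe to split: address was validated
    done
}

# Assumption: the hook passes the source address as the only argument.
if [ $# -eq 1 ]; then report "$1"; fi
```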