Mukund Deshmukh saw fit to inform LI that:
>1. nmap - a port scanner, which can be rarely detected by an average admin
>as it uses half syn attack on server.
Right - but run a good firewall, and tripwire. These can be configured
to recognize portscans such as nmap etc _and_ fire off an automatic mail
to the ip block's ARIN contact, reporting a portscan.
Minimize the services you run on your server, and don't leave open ports.
Ditch telnet and run only ssh on your server.
>3. hping - The ping utility which can ping with lots of variety including
>"death of ping"
Ever heard of ICMP, SYN etc packet filtering? Helps a lot.
>4. satan and saint - These scripts will attack the server with all the known
>exploits.
SATAN and SAINT are both outdated - any good firewall recognizes scans
from these, and other known portscan software.
---end quote---
--
Suresh Ramasubramanian | sureshr at staff.juno.com
"Give me enough medals, and I'll win any war."
-- Napolean
-----------------------------------------------------------------------
LIH is all for free speech. But it was created for a purpose - to help
people discuss issues about installing and running Linux. If your
messages are counterproductive to this purpose, your privileges to
submit messages can and will be revoked.
