I would agree with John, portsentry is what you're looking for. I have it on
our department's Sun Solaris boxes and it works fine. Comes with some good
advice on installing and usage as well. However, sometimes it's too good. I
keep getting warnings about attacks because there are some machines on the
university network who broadcast for printers, which portsentry sees as an
attempt to probe that port. However, you soon learn to recognize these false
alarms and you can configure portsentry to ignore them. BTW, you'd want a
suitable program for checking your logs at regular intervals (using cron)
and mail you if there's anything worth noticing. I think I ended up using
something called logchecker (if I remember correctly). Also easy to install.
I'm definitely no guru but I'll answer any questions I can.
Cheerio,
Olof
----- Original Message -----
From: "John Rye" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 10, 2000 12:27 AM
Subject: Re: [newbie] question
> "Daniel J. Ferris" wrote:
> >
> > What is a good program to use that will log attempts to scan your
> > box?
> >
> > Preferably something that can detect stealth scans.
> >
> > TIA,
> > Dan
>
> Take a look at 'portsentry'
>
> go to http://freshmeat.net/
>
> and search for it - I find it's pretty good.
>
> Cheers
>
> --
> ICQ# 89345394 Mailto: [EMAIL PROTECTED]
>
>
>
>
____________NetZero Free Internet Access and Email_________
Download Now http://www.netzero.net/download/index.html
Request a CDROM 1-800-333-3633
___________________________________________________________
