Hi guys, while trying to create a filter to detect port scanning against
my network, I realized that we can use nfsen for other security problems
as well.
I would like to invite you to discuss the possibility of using
nfsen/nfdump to detect common security issues like:
login attempts
portscan
relays
DoS ... and other threats you would like to add.
We can share ideas about filters, profiles and other tools needed.
For example, to detect port scanning I was trying with the tcpdump filter:
tcp[tcpflags] & (tcp-syn) != 0
That provides all new TCP connection attempts.
The equivalent for nfdump that worked for me is
"flags S"
So far it is providing me some interesting info for later analysis.
OK, hope to hear your ideas about this,
Leo.
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
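
An added example, not part of the original post: a flow record carries the cumulative OR of the TCP flags of all its packets, so a SYN match alone also returns completed connections. This Python script keeps only flows with SYN and no ACK/FIN/PSH and counts distinct targets per source; the record layout, the sample addresses and the `min_targets` threshold are constructed assumptions, not nfdump output.

```python
from collections import defaultdict

# Constructed flow records (not real traffic, not nfdump's own output format):
# src_ip dst_ip dst_port cumulative_tcp_flags
SAMPLE_FLOWS = """\
203.0.113.7 192.0.2.10 22 S
203.0.113.7 192.0.2.10 23 S
203.0.113.7 192.0.2.10 25 SR
203.0.113.7 192.0.2.10 80 S
203.0.113.7 192.0.2.10 443 S
203.0.113.7 192.0.2.11 22 S
198.51.100.4 192.0.2.10 80 APSF
198.51.100.4 192.0.2.10 443 APSF
198.51.100.9 192.0.2.10 25 S
"""

def parse_flows(text):
    """Yield (src, dst, dport, flags) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        src, dst, dport, flags = parts
        yield src, dst, int(dport), set(flags.upper())

def is_unanswered_syn(flags):
    """SYN set and no ACK/FIN/PSH: the handshake never completed."""
    return "S" in flags and not flags & {"A", "F", "P"}

def scan_candidates(flows, min_targets=5):
    """Return {src: distinct (dst, port) count} for sources at or over threshold."""
    targets = defaultdict(set)
    for src, dst, dport, flags in flows:
        if is_unanswered_syn(flags):
            targets[src].add((dst, dport))
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    for src, n in scan_candidates(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src}: {n} unanswered SYN targets")
```

A single unanswered SYN, like the one from 198.51.100.9 in the sample, stays below the threshold, which keeps ordinary failed connections out of the report.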