Re: Checking port scanning?
Hi dude

just try portsentry, it's a nice scan detector, but be careful: if you use portsentry and nmap your own computer, you'll find numerous ports open whose services you don't use, as portsentry watches many ports by default

have fun
fred

On Thursday 22 March 2001 01:35, Lars Jensen wrote:
> How do I check if someone is scanning my ports, or hammering a certain port with requests?
> Thanks for any help,
> Lars.
>
> %%%
> Lars Jensen, Truckee Meadows Community College, Reno NV 89512-3999.
> Tel: 775.673.7113 E-mail: [EMAIL PROTECTED]
RE: Checking port scanning?
> just try portsentry, it's a nice scan detector, but be careful: if you use portsentry and nmap your own computer, you'll find numerous ports open whose services you don't use, as portsentry watches many ports
>
> On Thursday 22 March 2001 01:35, Lars Jensen wrote:
> > How do I check if someone is scanning my ports, or hammering a certain port with requests?

You may also want to try iplogger. Not only will this show ALL the ports in use, not just the ones you select in portsentry. Also, portsentry actually listens on those ports it is monitoring, so if you nmap yourself for security leaks, you'll see a plethora of ports open, don't freak.

HTH,
Brooks
Re: Checking port scanning?
On Thu, Mar 22, 2001 at 08:31:53AM -0600, Brooks R. Robinson wrote:
> > just try portsentry, it's a nice scan detector, but be careful: if you use portsentry and nmap your own computer, you'll find numerous ports open whose services you don't use, as portsentry watches many ports
> >
> > On Thursday 22 March 2001 01:35, Lars Jensen wrote:
> > > How do I check if someone is scanning my ports, or hammering a certain port with requests?
>
> You may also want to try iplogger. Not only will this show ALL the ports in use, not just the ones you select in portsentry. Also, portsentry actually listens on those ports it is monitoring, so if you nmap yourself for security leaks, you'll see a plethora of ports open, don't freak.

ippl is the replacement for iplogger iirc, ippl is more configurable and better than iplogger. use ippl instead.

--
,---.
Name: Alson van der Meulen
Personal: [EMAIL PROTECTED]
School: [EMAIL PROTECTED]
`---'
And what does it mean 'rm: .o: No such file or directory'?
Re: Checking port scanning?
On Thu, Mar 22, 2001 at 08:31:53AM -0600, Brooks R. Robinson wrote:
> You may also want to try iplogger. Not only will this show ALL the ports in use, not just the ones you select in portsentry. Also, portsentry actually listens on those ports it is monitoring, so if you nmap yourself for security leaks, you'll see a plethora of ports open, don't freak.

IIRC iplogger was obsoleted by ippl. There were some issues with remote DoS attacks against hosts running iplogger. Ippl took care of those and provides a more flexible logging mechanism.

Ippl is one of the very first packages I install on any Debian box in my control. Once you've configured it right (i.e. told it not to log normal traffic like smtp connections) the output can be very interesting.

I could be mistaken, and confusing iplogger with some other package, but I don't think so.

noah

--
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
Re: Checking port scanning?
Re,

Noah L. Meyerhans wrote:
> On Thu, Mar 22, 2001 at 08:31:53AM -0600, Brooks R. Robinson wrote:
> > You may also want to try iplogger. Not only will this show ALL the ports in use, not just the ones you select in portsentry. Also, portsentry actually listens on those ports it is monitoring, so if you nmap yourself for security leaks, you'll see a plethora of ports open, don't freak.
>
> IIRC iplogger was obsoleted by ippl. There were some issues with remote DoS attacks against hosts running iplogger. Ippl took care of those and provides a more flexible logging mechanism.
>
> Ippl is one of the very first packages I install on any Debian box in my control. Once you've configured it right (i.e. told it not to log normal traffic like smtp connections) the output can be very interesting.

You should even try snort, also a nice choice for port scanning and other strange attacks against your system.

Best regards,
Daniel
Re: Checking port scanning?
On Thu, Mar 22, 2001 at 10:20:42AM +0100, Frédéric de Villamil wrote:
> Hi dude
>
> just try portsentry, it's a nice scan detector, but be careful: if you use portsentry and nmap your own computer, you'll find numerous ports open whose services you don't use, as portsentry watches many ports by default
>
> have fun
> fred

Portsentry is a nice start, but it misses a lot of stuff. Snort is much better, but is more work to configure. Big problem with portsentry is that it binds to the ports, and makes it appear that a particular exploit might be running on your machine; this is like blood in the water to the dumber variety of script kiddies. (The vaguely smarter ones figure out that an ip with a dozen backdoor exploits is probably not really running them.)

--
Jim Richardson
Anarchist, pagan and proud of it
WWW.eskimo.com/~warlock
Linux, because life's too short for a buggy OS.
Re: Checking port scanning?
I use an application called portsentry, made by Psionic Software. It logs to my syslog if I'm getting hammered; it gets IP and server names. Quite a nifty little app, and very easy to use and install.
Re: Checking port scanning?
jail, ippl, or another icmp event logger.

On Wed, 21 Mar 2001, Lars Jensen wrote:
> How do I check if someone is scanning my ports, or hammering a certain port with requests?
> Thanks for any help,
> Lars.
>
> %%%
> Lars Jensen, Truckee Meadows Community College, Reno NV 89512-3999.
> Tel: 775.673.7113 E-mail: [EMAIL PROTECTED]

--
Galt's sci-fi paradox: Stormtroopers versus Redshirts to the death.
Who is John Galt? [EMAIL PROTECTED], that's who!
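
The two conditions asked about at the start of the thread (a source sweeping many ports versus a source hammering one port) can be told apart from a connection log with a per-source sliding window. This is an added example, not part of the thread and not code from ippl, portsentry or snort; the log line layout, thresholds, addresses and the ignored SMTP port are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Assumed log layout (not the real ippl/portsentry format): "2001-03-22 01:30:00 tcp 198.51.100.7 -> 80"
LINE_RE = re.compile(r"^(\S+ \S+) (?:tcp|udp) (\S+) -> (\d+)$")
FMT = "%Y-%m-%d %H:%M:%S"
WINDOW = timedelta(seconds=60)
SCAN_PORTS = 10       # distinct ports from one source inside WINDOW => scan
HAMMER_HITS = 20      # hits on one port from one source inside WINDOW => hammering
IGNORE_PORTS = {25}   # assumed normal traffic (this host is taken to be a mail server)

def parse(lines):
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and int(m.group(3)) not in IGNORE_PORTS:  # malformed lines are skipped
            yield datetime.strptime(m.group(1), FMT), m.group(2), int(m.group(3))

def detect(lines):
    recent = defaultdict(deque)   # source -> (time, port) events still inside WINDOW
    findings = defaultdict(set)
    for ts, src, port in sorted(parse(lines)):
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > WINDOW:          # expire events older than the window
            q.popleft()
        ports = [p for _, p in q]
        if len(set(ports)) >= SCAN_PORTS:
            findings[src].add("scan")
        if ports.count(port) >= HAMMER_HITS:
            findings[src].add(f"hammer:{port}")
    return dict(findings)

def build_sample():
    """Constructed sample: one port sweep, one host hammering port 80, normal SMTP."""
    base, lines = datetime(2001, 3, 22, 1, 30), ["not a log line"]
    def add(offset, src, port):
        stamp = (base + timedelta(seconds=offset)).strftime(FMT)
        lines.append(f"{stamp} tcp {src} -> {port}")
    for i, port in enumerate([21, 22, 23, 25, 53, 79, 80, 110, 111, 139, 143, 443]):
        add(i, "198.51.100.7", port)
    for i in range(25):
        add(2 * i, "203.0.113.9", 80)
    for i in range(3):
        add(1200 * i, "192.0.2.10", 25)
    return lines

if __name__ == "__main__":
    for src, what in sorted(detect(build_sample()).items()):
        print(src, sorted(what))
```

A sweep spread out so that fewer than `SCAN_PORTS` ports fall inside one window goes unreported, so the window and thresholds need tuning against the traffic the host normally sees.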