Check out snort @ www.snort.org/about.html.

From site:

<snip>
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.
<snip>

You can also write custom rulesets and integrate it with IP tables (or other firewalls) to deal with the offending IP, if you choose to do so.

----- Original Message -----
From: "Thom Larner" <[EMAIL PROTECTED]>
Subject: Port scanning question

> Hi all,
>
> As a relative newcomer to the security field, but with a reasonable amount
> of experience in sys admin roles, I am now responsible for the network
> security of the (small) company I work for. One of the things I would like
> to do is determine if (when) our web server, which hosts our applications,
> is being port scanned. How do I go about this? Are there (free or cheap)
> tools that will help you do this? We run both Solaris and W2K Server boxes,
> and I would like to check both.
>
> Now I just have to determine what, if anything, to do if (when) we are being
> scanned...
>
> Thanks in advance for your help.
>
> Cheers,
>
> Thom.
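A sketch of the threshold logic a port-scan detector applies, as an added example that is not part of the original messages and is not Snort's own code: it flags any source that probes many distinct ports on the server within a short time window. The record format, thresholds, function name and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records: (unix_time, src_ip, dst_port, tcp_flags).
# Flags are letters (S=SYN, A=ACK, F=FIN, P=PSH); "" is a NULL packet.
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE = [
    (0, "198.51.100.7", 80, "S"),    # ordinary web client
    (1, "198.51.100.7", 80, "A"),
    (2, "198.51.100.7", 80, "PA"),
    (5, "192.0.2.50", 22, "S"),      # touches a few ports, far apart in time
    (6, "192.0.2.50", 80, "S"),
    (500, "192.0.2.50", 443, "S"),
    (100, "203.0.113.9", 21, "S"),   # many ports in two seconds
    (100, "203.0.113.9", 22, "S"),
    (100, "203.0.113.9", 23, "F"),   # FIN probe ("stealth" style)
    (101, "203.0.113.9", 25, ""),    # NULL probe
    (101, "203.0.113.9", 80, "S"),
    (102, "203.0.113.9", 443, "S"),
]


def detect_scans(records, window=10, min_ports=5):
    """Return {src_ip: sorted ports} for every source that sent probe-like
    packets to at least `min_ports` distinct ports within `window` seconds."""
    recent = defaultdict(deque)   # src_ip -> deque of (time, port)
    flagged = {}
    for ts, src, port, flags in sorted(records):
        # Packets of an established connection carry ACK; a packet without
        # it (SYN, FIN, NULL, ...) opens or probes a port.
        if "A" in flags:
            continue
        q = recent[src]
        q.append((ts, port))
        # Drop probes that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            flagged.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}


if __name__ == "__main__":
    for src, ports in detect_scans(SAMPLE).items():
        print(f"possible port scan from {src}: ports {ports}")
```

Widening `window` catches slower scans at the cost of more false positives from busy legitimate clients.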