Bugtraq mailing list archives
Re: TCP SYN probe detection tool available
From: brian () saturn net (Brian Mitchell)
Date: Wed, 15 May 1996 03:25:52 -0400
On Tue, 14 May 1996, Doug Hughes wrote:

> In light of the recent revival of interest in the TCP SYN probes that were undetected by conventional daemon means (e.g. klaxon), I wrote a promiscuous network monitor that runs as a packet filter and will catch any packet on the network that matches services that are given to the program as command line arguments. So far it runs on SunOS 4.1.X (NIT) and Solaris 2.X (DLPI). Individuals interested in running it on other architectures would need to do some porting. The DLPI code should be portable to other DLPI implementations. On SunOS and Solaris all you have to do is type Make. The README explains options, history, and implementation.

This is a good idea. I have also written a similar tool, although mine logs all syn packets. It uses the libpcap interface. Should compile under linux, freebsd, irix, sunos, solaris, etc. It is available at http://www.saturn.net/~brian/files/clog-001.tar.gz (libpcap is not included with the distribution).

Brian Mitchell brian () saturn net
Public key available http://www.saturn.net/~brian/pubkey
"I never give them hell. I just tell the truth and they think it's hell" - H. Truman
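
The check both tools in this thread rely on, as an added example (not code from either tool or from either poster): classify a raw Ethernet frame as a bare SYN (SYN set, ACK clear), either against a watch list of service ports or, with an empty list, for every port. The function names, the sample frame and the watch list are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLAG_SYN 0x02
#define FLAG_ACK 0x10

/* Constructed sample frame (not captured traffic): Ethernet + IPv4 + TCP,
 * 192.0.2.10:40000 -> 192.0.2.20:23, SYN only. Checksums are left as zero. */
static const uint8_t sample_syn[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,                    /* Ethernet */
    0x45,0,0,40, 0,1,0,0, 64,6,0,0, 192,0,2,10, 192,0,2,20,             /* IPv4 */
    0x9c,0x40, 0,23, 0,0,0,1, 0,0,0,0, 0x50,FLAG_SYN, 0x20,0, 0,0, 0,0  /* TCP */
};

/* Returns the destination port if the frame is a bare SYN to a watched port
 * (any port when nwatch == 0), 0 if it is not, -1 if truncated or malformed. */
int syn_probe_port(const uint8_t *f, size_t len, const uint16_t *watch, size_t nwatch)
{
    if (len < 14 + 20) return -1;
    if (f[12] != 0x08 || f[13] != 0x00) return 0;        /* not IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;             /* IP options shift the TCP header */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;
    if (ip[9] != 6) return 0;                            /* not TCP */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return 0;  /* later fragment: no TCP header */
    if (len < 14 + ihl + 20) return -1;
    const uint8_t *tcp = ip + ihl;
    if ((tcp[13] & (FLAG_SYN | FLAG_ACK)) != FLAG_SYN) return 0;
    uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    if (nwatch == 0) return dport;
    for (size_t i = 0; i < nwatch; i++)
        if (watch[i] == dport) return dport;
    return 0;
}

/* Demo helper: the sample frame with its TCP flags byte replaced. */
int sample_with_flags(uint8_t flags, const uint16_t *watch, size_t nwatch)
{
    uint8_t f[sizeof sample_syn];
    memcpy(f, sample_syn, sizeof f);
    f[14 + 20 + 13] = flags;
    return syn_probe_port(f, sizeof f, watch, nwatch);
}

int main(void)
{
    const uint16_t watch[] = { 23, 79, 513 };            /* hypothetical watch list */
    printf("bare SYN: %d\n", syn_probe_port(sample_syn, sizeof sample_syn, watch, 3));
    printf("SYN+ACK:  %d\n", sample_with_flags(FLAG_SYN | FLAG_ACK, watch, 3));
    return 0;
}
```
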