Security Incidents mailing list archives

Re: How to read port scans

From: renato () LINUX REDEBRASIL ORG BR (Renato Murilo Langona)
Date: Thu, 8 Jun 2000 16:52:29 -0300


Hi,

Phil Curran wrote:


I am new to auditing/reading port scanning documents.  Are there any
documents/books/urls that would be able to help me in understanding what I am
reading/trying to analyze?  Any help is greatly appreciated.

Phil Curran
phil_curran () campbellsoup com


I have links for good ones I've read (most linux):

"Interpreting Network Traffic:
A Network Intrusion Detector's Look
      at Suspicious Events
      by Richard Bejtlich
     bejtlich () altavista net"

http://www.linuxsecurity.com.br/info/IDS/interpret.ids.txt

"FAQ: Network Intrusion Detection Systems"

http://www.linuxsecurity.com.br/info/IDS/network-intrusion-detection.htm

"Focus On Linux: Intrusion Detection on Linux" (SecurityFocus)

http://www.linuxsecurity.com.br/info/IDS/linux-focus.ids.html

I think I don't have to mention the great Lance Spitzner Publications,
but:

http://www.enteract.com/~lspitz/pubs.html (read em' all)

Have a good readin',
Best regards,

--
[Renato Murilo Langona]
Network/System Administrator/Consultant
Site: http://www.linuxsecurity.com.br/renato
Contact mail: renato () unix barroco com br
Contact Phone: (+5511) 9115 0606 (BR/SP)
http://pgp5.ai.mit.edu:11371/pks/lookup?op=get&search=0x4DBD311A

Current thread:

How to read port scans Phil Curran (Jun 08)
- Re: How to read port scans Jose Nazario (Jun 08)
- hacked @home **update** Nick Morgowicz (Jun 08)
- Re: How to read port scans Renato Murilo Langona (Jun 08)
- Re: How to read port scans spaceork (Jun 08)
- <Possible follow-ups>
- Re: How to read port scans Bryan Scaringe (Jun 08)
- Re: How to read port scans Mark Kovach (Jun 08)