Nmap Announce mailing list archives
Followig the detection thread
From: Lance Spitzner <spitzner () dimension net>
Date: Fri, 29 Jan 1999 11:39:49 -0500 (EST)
Following the detection thread, one thing I've been playing with is having TCP wrappers listening on specific ports, then spawning various alert scripts when there is a connection (such as an alert email with src, dest, service and safe_finger). By listening on commonly scanned ports (smb,imap,telnet,portmapper, etc) I can quickly determine if a scan was conducted. By doing this on several servers, I can also quickly determine if the network was scanned. Of course, since I'm using TCP wrappers, it will not detect -sS or -sF scans. Not the ultimate soltion, but something I've been playing with and having good results. Lance
Current thread:
- Followig the detection thread Lance Spitzner (Jan 29)
- Re: Followig the detection thread Dave Dittrich (Jan 29)
- Re: Followig the detection thread Clifford Hammerschmidt (Jan 29)
- Re: Followig the detection thread Simple Nomad (Jan 29)
- Message not available
- Re: Followig the detection thread Jeremy Johnson (Jan 29)