Nmap Announce mailing list archives
Re: Nmap and xlogmaster
From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Fri, 29 Jan 1999 10:35:09 -0800
On Thu, 28 Jan 1999, HD Moore wrote:
> nmap. A setup that works decently is creating lockfiles for each incoming host's IP address, which would stop the same hosts (or 'unknown') from being scanned repeatedly. A cron script that removes these files after a certain interval (a day or so) would supplement this. Even if you are getting synflooded or scanned the script would only try to scan back if the 'unknown' lockfile didn't already exist, keeping your system from eating itself. The setup I am currently using does the usual safe_finger check, and RPC check, and finally a NetBIOS table dump for each incoming host, using the lockfile method for stopping repeated scans of the same host. Anyways, just some things I found from experience.
I did something similar for capturing phf + friends queries on our webservers. The script does a safe_finger, a traceroute, and connects to systat. It chokes itself by writing a file to /tmp with the host IP address and the time() stamp. The script itself deletes the line in /tmp if it goes over a certain number of mins. This script is still vulnerable to someone doing something dumb like spoofing massive #'s of different IP addresses, but this hasn't been a problem...

--
Lamont Granquist  lamontg () raven genome washington edu
Dept. of Molecular Biotechnology  (206)616-5735  fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
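The self-throttling both posts describe, as an added example that is not code from either poster: one locked state file of "host timestamp" lines, expired on each run. The function name, `WINDOW`, `MAX_HOSTS` and the state path are assumptions; the cap on tracked hosts is an addition that bounds the work done when many spoofed source addresses arrive.

```python
import fcntl
import ipaddress
import os
import time

WINDOW = 600      # assumed: seconds before the same host may trigger lookups again
MAX_HOSTS = 200   # assumed: ceiling on tracked hosts, bounds work under spoofed floods


def should_respond(source, state_path, now=None, window=WINDOW, max_hosts=MAX_HOSTS):
    """Return True if lookups for `source` may run now, and record that decision."""
    now = time.time() if now is None else now
    try:
        host = str(ipaddress.ip_address(source))  # normalise; rejects hostnames and junk
    except ValueError:
        host = "unknown"                          # one shared slot, as in the quoted post
    # O_NOFOLLOW refuses a planted symlink; mode 0600 keeps the state file private.
    fd = os.open(state_path, os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "r+") as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)            # concurrent invocations serialise here
        live = {}
        for line in fh:
            parts = line.split()
            if len(parts) != 2:
                continue                          # skip malformed lines
            try:
                stamp = float(parts[1])
            except ValueError:
                continue
            if now - stamp < window:              # drop entries older than the window
                live[parts[0]] = stamp
        allowed = host not in live and len(live) < max_hosts
        if allowed:
            live[host] = now
        fh.seek(0)
        fh.truncate()
        fh.writelines(f"{h} {t}\n" for h, t in live.items())
    return allowed
```

Keep the state file in a directory only the responding account can write to rather than in /tmp; when the cap is reached the caller should log the connection and skip the lookups.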