Nmap Announce mailing list archives
Re: Following the detection thread
From: Jeremy Johnson <jjohnson () real com>
Date: Fri, 29 Jan 1999 15:05:37 -0800
On Fri, 29 Jan 1999, Lance Spitzner wrote:
> Following the detection thread, one thing I've been playing with is having TCP wrappers listening on specific ports, then spawning various alert scripts when there is a connection (such as an alert email with src, dest, service and safe_finger). By listening on commonly scanned ports (smb, imap, telnet, portmapper, etc.) I can quickly determine if a scan was conducted. By doing this on several servers, I can also quickly determine if the network was scanned.

Out of boredom a few months ago I wrote a hokey little scan detection tool. After hearing from wrlwnd last night about some of the cool stuff you guys were doing on this list, I decided to join up. At any rate, I got bored today and updated my little "tool", if you will. It can be laughed at.. er.. found at http://www.resentment.org/projects/scan_detector/

This is just something I cranked out in PERL, and I am by no means a PERL sockets pro; I just thought that some of you might have an interest. Before you visit, let me just state again that this tool is not meant to be in the same class as what some of you here are working on, but rather just a simple scanner for the dummies...

Latez
Jeremy
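
The correlation step described in the quoted message (decoy-port alerts from several servers used to tell a host scan from a network scan), as an added example that is not part of either post and is not the scan_detector tool. The log line format, the server names and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample alerts, one per decoy-port connection, in a form an
# alert script might log: "<time> src=<ip> dest=<server> service=<name>".
SAMPLE_ALERTS = """\
15:01:02 src=192.0.2.10 dest=srv-a service=telnet
15:01:02 src=192.0.2.10 dest=srv-a service=imap
15:01:03 src=192.0.2.10 dest=srv-a service=smb
15:01:05 src=192.0.2.10 dest=srv-b service=telnet
15:01:06 src=192.0.2.10 dest=srv-c service=portmapper
15:07:40 src=198.51.100.7 dest=srv-b service=imap
"""

def parse_alert(line):
    """Return (src, dest, service), or None for a malformed line."""
    fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
    try:
        return fields["src"], fields["dest"], fields["service"]
    except KeyError:
        return None

def classify(alert_text, min_services=3, min_hosts=2):
    """Label each source by how widely it touched the decoy ports.

    min_services and min_hosts are assumed thresholds, not values from the post.
    """
    per_src = defaultdict(lambda: defaultdict(set))  # src -> dest -> services
    for line in alert_text.splitlines():
        parsed = parse_alert(line)
        if parsed:
            src, dest, service = parsed
            per_src[src][dest].add(service)
    verdicts = {}
    for src, dests in per_src.items():
        if len(dests) >= min_hosts:
            # Same source seen on decoy ports of several servers.
            verdicts[src] = "network scan"
        elif any(len(s) >= min_services for s in dests.values()):
            # Several decoy services touched on one server.
            verdicts[src] = "host scan"
        else:
            verdicts[src] = "single probe"
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_ALERTS).items():
        print(src, verdict)
```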