Re: Followig the detection thread

[Jeremy Johnson <jjohnson () real com>]

On Fri, 29 Jan 1999, Lance Spitzner wrote:
> Following the detection thread, one thing I've been playing with is
> having TCP wrappers listening on specific ports, then spawning
> various alert scripts when there is a connection (such as an alert
> email with src, dest, service and safe_finger).  By listening
> on commonly scanned ports (smb,imap,telnet,portmapper, etc) I can
> quickly determine if a scan was conducted.  By doing this on several
> servers, I can also quickly determine if the network was scanned.

Out of boredom a few months ago I wrote a hokey little scan detection tool.. 
after hearing from wrlwnd last night about some of the cool stuff you guys
were doing on this list, I decided to join up. at any rate, I got bored
today and updated my little "tool" if you will. 
It can be laughed at.. er.. found at
http://www.resentment.org/projects/scan_detector/
This is just something I cranked out in PERL and I by no means a PERL
sockets pro, just though that some of you might have an interest. Before
you visit let me just state again that this tool is not meant to be in the
same class as what some of you here are working on, but rather just a
simple scanner for the dummies...

Latez
Jeremy