Detect a portscan attac
Cheers List ! I am thinking about a solution to disallow access to my server for all those who have made a portscan. I would like to insert their IP's into the /etc/host.deny file. Does anybody know a way how to detect whether someone does a portscan ? would be kind ! cheers & thx in advanced patric illi
This is a really retarded thing to do. I will spoof a scan from the IP
address of your gateway for example and you will fall off the internet =).
Automatic reaction to attacks is very tricky to do right.
-Kurt
----- Original Message -----
From: "patric illi"
Cheers List !
I am thinking about a solution to disallow access to my server for all those who have made a portscan. I would like to insert their IP's into the /etc/host.deny file.
Does anybody know a way how to detect whether someone does a portscan ?
would be kind !
cheers & thx in advanced
patric illi
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
* patric illi
Cheers List !
I am thinking about a solution to disallow access to my server for all those who have made a portscan. I would like to insert their IP's into the /etc/host.deny file.
Does anybody know a way how to detect whether someone does a portscan ?
you may try portsentry which will do that or use snort+guardian -- Togan Muftuoglu
You want to block all ppl who scan U ... I think that's right ...there is an easy way with snort, guardian and IPChains (IPTables) ... the both/three programs work together very nice, and guardian changes your IPChain-Rules automatically to block user. Just add a rule, that portscanning user should be blocked ... that's all ... Greetings Am Freitag, 25. Mai 2001 10:48 schrieben Sie:
Cheers List !
I am thinking about a solution to disallow access to my server for all those who have made a portscan. I would like to insert their IP's into the /etc/host.deny file.
Does anybody know a way how to detect whether someone does a portscan ?
would be kind !
cheers & thx in advanced
patric illi
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (4)
-
Boris Schauerte
-
Kurt Seifried
-
patric illi
-
Togan Muftuoglu