Yes, the victim can detect such scans (see below).
Not in every case :-(
Does SuSE 6.x contain any tools to do that?
Yes, the package scanlogd; I guess it's in series "sec".
As far as I know, scanlogd is a relatively simple program that doesn't help much. I've never seen a scanlogd warning (on our own server, of course) when trying nmap scans. And there were quite a few postings on this list that reported false scanlogd alarms (during normal FTP sessions etc.). scanlogd logs a warning if there are many simple connects to a range of ports with ascending numbers (I believe) in a certain time frame. But nmap is a *really* powerful scanner that can do many different types of scans which aren't easy to detect. And if you scan a range of port numbers using nmap, nmap is clever enough to try the ports in a random order...
PS: I ask myself if it is legal to do portscans on any sites?
Just ask yourself what you would think if somebody scans your host(s)/net(s).
Well, I'm not sure if a scan legally is considered an attack, but security-aware admins *do* consider it at least a kind of attack.
So better don't do such things.
Exactly.

Jan Hildebrandt
--
jan.hildebrandt@mathema.de
MATHEMA Software GmbH (http://www.mathema.de)
Nägelsbachstraße 25a
D-91052 Erlangen, Germany
Tel: (+49)9131/8903-0 Fax: (+49)9131/8903-55
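
An added example, not part of the original thread and not scanlogd's code: two time-window heuristics run over a constructed connection log, one keyed on ascending port order as the message above supposes, the other counting distinct ports in any order. The thresholds, addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW = 3.0    # seconds; assumed threshold, not taken from scanlogd
MIN_PORTS = 7   # ports needed to raise an alert; assumed threshold

def ascending_detector(events):
    """Alert on sources probing strictly ascending ports within WINDOW."""
    runs, alerts = defaultdict(list), set()
    for ts, src, port in events:
        run = runs[src]
        if run and port <= run[-1][1]:
            run.clear()                      # order broken: start a new run
        run.append((ts, port))
        while ts - run[0][0] > WINDOW:       # drop probes older than the window
            run.pop(0)
        if len(run) >= MIN_PORTS:
            alerts.add(src)
    return alerts

def distinct_port_detector(events):
    """Alert on sources touching MIN_PORTS distinct ports within WINDOW, any order."""
    recent, alerts = defaultdict(deque), set()
    for ts, src, port in events:
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > WINDOW:
            q.popleft()
        if len({p for _, p in q}) >= MIN_PORTS:
            alerts.add(src)
    return alerts

def sample_events():
    """Constructed connection log: (timestamp, source, destination port)."""
    ev = [(i * 0.1, "192.0.2.10", 20 + i) for i in range(10)]           # ascending sweep
    shuffled = [445, 22, 8080, 21, 3306, 25, 110, 23, 143, 80]
    ev += [(i * 0.1, "192.0.2.20", p) for i, p in enumerate(shuffled)]  # random order
    ev += [(0.0, "192.0.2.30", 80), (0.5, "192.0.2.30", 80),
           (1.0, "192.0.2.30", 443), (1.5, "192.0.2.30", 80)]           # ordinary client
    return sorted(ev)

if __name__ == "__main__":
    events = sample_events()
    print("ascending-order heuristic:", sorted(ascending_detector(events)))
    print("distinct-port heuristic:  ", sorted(distinct_port_detector(events)))
```

Counting distinct ports flags both sweeps, but a low threshold will also flag clients that legitimately open many ports in a short time, which matches the false alarms during FTP sessions reported in the thread.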