Hi, this is just my idea...

Suppose somebody portscans u using nmap (say). He's got lots of options, and if he is root on his comp, he can easily spoof the IP and he won't even do the connect scans. And IMO, as long as there are no connect scans (I'm talking about TCP only now), it is improbable that u are affected, other than as a lame DoS.

So create a server from inetd, say from port 1030, and run it as /bin/true and name it as NULL. From the tcp wrappers, log *everything* that even touches this port, and redirect all the connections to other interesting ports to this. This is easily done using xinetd but u can use ipchains instead.

For instance, supposing I got to see who's the lame guy scanning me on 12345 (my portsentry says attackalert and drops route.. but I need to know more..). So I redirect all the connections to 12345 to 1030, and since /bin/true (I presume) is very safe, I can encourage that guy to initiate a connect scan and then feel the pinch.

regards
cheedu

On Wed, 17 Jan 2001, Rick Meredith wrote:
On Tue, 16 Jan 2001, Luckson Bwalya [Asst Head - System Dev & Sup] wrote:
On Mon, 15 Jan 2001, tabanna wrote:
So, I'd like a system that monitors my Linux and takes actions (like mailing someone) when an attack occurs.
~ maybe 'PortSentry' is worth a look
best wishes
I am interested in this solution. Where can I find this software?
Hi, take a look at http://freshmeat.net. Look for Portsentry that will show you everything you need to know about Portsentry.
Mit freundlichem Gruss With best regards
Using SuSE Linux 7.0 on a PII 233 SMP Kernel: 2.2.18
-- +--- Rick Meredith / System13 -------------------------------------+ | Friedrich-Ebert-Strasse 48 Fon: +49 (0)6104-75549 | | 61379 Obertshausen Fax: +49 (0)6104-75549 | +--- Confucius say : He who play in root, eventually kill tree! ---+
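
The do-nothing logged listener described in the message at the top of this thread, sketched in Python as an added example (not code from the thread). It stands in for the inetd + /bin/true + tcp wrappers setup; the loopback address, the ephemeral port and the names serve_decoy and demo are assumptions made so it runs offline. accept() only returns after a completed three-way handshake, so every logged address is one that was able to receive the SYN/ACK, which is why a connect scan tells you more than a spoofed SYN scan.

```python
import socket
import threading
import time


def serve_decoy(listener, log, stop):
    """Accept connections, record the peer, then close without reading or writing."""
    listener.settimeout(0.2)              # wake up regularly to check the stop flag
    while not stop.is_set():
        try:
            conn, (ip, port) = listener.accept()
        except socket.timeout:
            continue
        # Log first, close second: the decoy offers no service at all (like /bin/true).
        log.append({"time": time.strftime("%Y-%m-%dT%H:%M:%S"),
                    "src_ip": ip, "src_port": port})
        conn.close()


def demo():
    """Start the decoy on loopback, make one full connect to it, return what was seen."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))       # constructed demo: port 0 = any free port
    listener.listen(16)
    port = listener.getsockname()[1]

    log, stop = [], threading.Event()
    worker = threading.Thread(target=serve_decoy, args=(listener, log, stop))
    worker.start()
    try:
        # Constructed client standing in for a connect scan of the decoy port.
        with socket.create_connection(("127.0.0.1", port), timeout=2) as client:
            client_port = client.getsockname()[1]
            data = client.recv(16)        # returns b"" once the decoy has closed
    finally:
        stop.set()
        worker.join()
        listener.close()
    return log, client_port, data


if __name__ == "__main__":
    entries, _, _ = demo()
    for entry in entries:
        print(entry["time"], "connect from", entry["src_ip"], entry["src_port"])
```
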