[svlug] Catching port scanners
Steve Hindle
steve at itsage.com
Wed Mar 17 14:21:05 PST 2004
Perhaps you would like to correct my grammar and spelling? Or better yet -
just put me in yer kill file :-) I think we all have better things to
worry about. Especially in a 1 line freaking email.
Thank you
--On Wednesday, March 17, 2004 2:15 PM -0800 "Karsten M. Self"
<kmself at ix.netcom.com> wrote:
> on Wed, Mar 17, 2004 at 12:28:25PM -0800, Steve Hindle (steve at itsage.com)
> wrote:
>
>> > What tools do people use to identify unauthorized port scanners?
>> >
>>
>> Haven't looked at it lately, but PortSentry used to be the tool of
>> choice...
>>
>> Steve
>>
>> --On Wednesday, March 17, 2004 8:12 AM -0800 Romain Kang
>> <romain at kzsu.stanford.edu> wrote:
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing on usenet and in e-mail?
>
> For clarity and to support conversational discussion style, please use
> bottom-posting format: your reply goes below the material cited. Trim
> your quotes appropriately and ensure your attributions are accurate.
>
> See:
>
> http://www.catb.org/~esr/jargon/html/email-style.html
> http://www.faqs.org/rfcs/rfc1855.html
> http://mailformat.dan.info/quoting/top-posting.html
>
> Thank you.
>
>
>
> Portsentry's pretty strongly deprecated, if my information's current,
> largely because it actually opens up the ports it's listening on, making
> the task of actually determining what's open or not on your system
> somewhat problematic.
>
> Snort is the generally recommended approach.
>
> In most cases, firewalling your bastion well, logging suspicious
> traffic, and ignoring most of the rest, is the preferred mode.
>
> In Debian, 'apt-cache search portscan' returns among others:
>
> scandetd - Portscan detector for GNU/Linux.
> scanlogd - A portscan detecting tool
> kernel-patch-psd - In-kernel Portscan Detector
>
> ...though I've not used any of these myself.
>
>
> Peace.
>
> --
> Karsten M. Self <kmself at ix.netcom.com>
> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you
> understand?
> By failing to protect the public interest in free access to the
> products of the inventive and artistic genius -- indeed, by
> virtually ignoring the central purpose of the Copyright/Patent
> Clause [in the Constitution] -- the Court has quitclaimed to
> Congress its principal responsibility in this area of the law."
> -- Justice Stevens, J., dissenting, "Eldred v. Ashcroft"
Stephen Hindle
I.T. Sage
"Enlightened Solutions for Open Minds"
http://www.itsage.com
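
The "firewall the bastion and log suspicious traffic" approach quoted above can be turned into a simple scan detector over the firewall log. The following is an added example, not part of the original thread: it assumes netfilter LOG-style records with a hypothetical "FW-DROP: " prefix, and the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog timestamp, then the SRC= and DPT= fields of a netfilter LOG record.
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*\bSRC=(\S+) .*\bDPT=(\d+)")

def _line(stamp, src, dport):
    # Builds one constructed log record (hypothetical "FW-DROP: " log prefix).
    return (f"Mar 17 {stamp} bastion kernel: FW-DROP: IN=eth0 OUT= SRC={src} "
            f"DST=198.51.100.5 PROTO=TCP SPT=40000 DPT={dport} SYN")

SAMPLE_LOG = (
    # Fast sweep: eight different ports in eight seconds.
    [_line(f"14:00:{i:02d}", "192.0.2.10", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443])]
    # One port retried ten times: noisy, but not a scan.
    + [_line(f"14:01:{i:02d}", "192.0.2.20", 25) for i in range(10)]
    # Five ports spread over 40 minutes: only visible with a wider window.
    + [_line(f"14:{10 * i:02d}:00", "192.0.2.30", p)
       for i, p in enumerate([22, 80, 443, 8080, 3389])]
)

def detect_scanners(lines, min_ports=5, window=timedelta(seconds=60), year=2004):
    """Return {source_ip: sorted ports} for every source that had at least
    min_ports distinct destination ports dropped inside one sliding window.
    Syslog timestamps carry no year, so the caller supplies it."""
    recent = defaultdict(deque)   # src -> (timestamp, dport) events in window
    flagged = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a firewall drop record
        stamp, src, dport = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events = recent[src]
        events.append((ts, int(dport)))
        while ts - events[0][0] > window:
            events.popleft()      # expire events older than the window
        ports = {p for _, p in events}
        if len(ports) >= min_ports:
            flagged[src] |= ports
    return {src: sorted(ports) for src, ports in flagged.items()}

if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"{src} probed {len(ports)} ports: {ports}")
```

Counting distinct ports rather than dropped packets is what separates the sweep from the host that keeps retrying one closed port; the window and threshold trade detection of slow sweeps against false positives.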