[svlug] Catching port scanners
steve at itsage.com
Wed Mar 17 14:21:05 PST 2004
Perhaps you would like to correct my grammar and spelling? Or better yet -
just put me in yer kill file :-) I think we all have better things to
worry about. Especially in a 1 line freaking email.
--On Wednesday, March 17, 2004 2:15 PM -0800 "Karsten M. Self"
<kmself at ix.netcom.com> wrote:
> on Wed, Mar 17, 2004 at 12:28:25PM -0800, Steve Hindle (steve at itsage.com)
>> > What tools do people use to identify unauthorized port scanners?
>> Haven't looked at it lately, but PortSentry used to be the tool of
>> --On Wednesday, March 17, 2004 8:12 AM -0800 Romain Kang
>> <romain at kzsu.stanford.edu> wrote:
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing on usenet and in e-mail?
> For clarity and to support conversational discussion style, please use
> bottom-posting format: your reply goes below the material cited. Trim
> your quotes appropriately and ensure your attributions are accurate.
> Thank you.
> Portsentry's pretty strongly deprecated, if my information's current,
> largely because it actually opens up the ports its listening on, making
> the task of actually determining what's open or not on your system
> somewhat problematic.
> Snort is the generally recommended approach.
> In most cases, firewalling your bastion well, logging suspicious
> traffic, and ignoring most of the rest, is the preferred mode.
> In Debian, 'apt-cache search portscan' returns among others:
> scandetd - Portscan detector for GNU/Linux.
> scanlogd - A portscan detecting tool
> kernel-patch-psd - In-kernel Portscan Detector
> ...though I've not used any of these myself.
> Karsten M. Self <kmself at ix.netcom.com>
> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you
> By failing to protect the public interest in free access to the
> products of the inventive and artistic genius -- indeed, by
> virtually ignoring the central purpose of the Copyright/Patent
> Clause [in the Constitution] -- the Court has quitclaimed to
> Congress its principal responsibility in this area of the law."
> -- Justice Stevens, J., dissenting, "Eldred v. Ashcroft"
"Enlightened Solutions for Open Minds"
More information about the svlug