This is a discussion on tracking and tracing within the Linux Security forums, part of the System Security and Security Related category; Hi, I have a question. On the network is there a way to find out that your system is being ...
There are two possible ways.

1. Search for "scan detection software" on any search engine.
2. Run your firewall logging all incoming SYN connections. Then, when, in the log file, you see a certain IP address poking at various ports (usually in order from lowest to highest, but not necessarily every port, might probe just the more common ones), you'll know it's a scan. If you make it log to a FIFO buffer, you could come up with a "scan detection" piece of code yourself, too :)

Overall, I prefer the second method, since it gives you an idea of what a "scan" is actually reflected in - most are quite simple to detect by eye from logs :)

- Time -

Peter Le wrote:
> Hi,
>
> I have a question. On the network is there a way
> to find out that your system is being scanned by someone,
> and which port is being scanned?
>
> Thanks,
>
> PL

--
Max Belushkin
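The second method from the post above, sketched as an added example that is not part of the original thread: it reads firewall log lines and flags any source that sends SYNs to many distinct ports within a short time window. It assumes iptables-style LOG lines prefixed with an ISO 8601 timestamp and a rule that logs only initial SYNs; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: iptables LOG-style lines with an ISO 8601 timestamp prefix,
# produced by a rule that logs only initial SYN packets.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*?\bSRC=(?P<src>\S+) .*?\bPROTO=TCP\b"
    r".*?\bDPT=(?P<dpt>\d+)\b.*?\bSYN\b"
)

def detect_scans(lines, min_ports=5, window=timedelta(seconds=60)):
    """Return {source_ip: sorted ports} for every source that sent SYNs to
    at least min_ports distinct ports inside one sliding time window."""
    recent = defaultdict(deque)  # src -> (timestamp, port) pairs still in window
    flagged = defaultdict(set)   # src -> ports seen while over the threshold
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP SYN log line
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # unparseable timestamp
        src, port = m["src"], int(m["dpt"])
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            flagged[src] |= ports
    return {src: sorted(p) for src, p in flagged.items()}

def _line(ts, src, dpt):  # builds one constructed sample log line
    return (f"{ts} gw kernel: FW-IN: IN=eth0 OUT= SRC={src} DST=192.0.2.10 "
            f"LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT={dpt} "
            f"WINDOW=1024 RES=0x00 SYN URGP=0")

# Constructed sample: a fast sweep, an ordinary web client, a slow sweep.
SAMPLE = (
    [_line(f"2024-01-15T10:00:{i:02d}", "203.0.113.7", p) for i, p in enumerate([21, 22, 23, 25, 80, 110])]
    + [_line(f"2024-01-15T10:00:{10 + i:02d}", "198.51.100.20", p) for i, p in enumerate([80, 80, 443, 80])]
    + [_line(f"2024-01-15T10:{5 * i:02d}:00", "198.51.100.99", p) for i, p in enumerate([21, 22, 23, 25, 80])]
)

if __name__ == "__main__":
    for src, ports in detect_scans(SAMPLE).items():
        print(f"possible scan from {src}: ports {ports}")
```

`detect_scans` accepts any iterable of lines, so an open file object on the FIFO the firewall logs to can be passed directly. The slow sweep in the sample stays under a 60-second window, which shows why the window and port threshold need tuning against real logs.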
Peter Le <peter.t.le@philips.com> wrote:
> On the network is there a way
> to find out that your system is being scanned by someone,
> and which port is being scanned?

Of course. You're receiving packets, such scans are active.

VB.
--
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:vb@x-pie.de http://www.x-pie.de
Thanks,

PL

Maxim Belushkin wrote:
> There are two possible ways.
> 1. Search for "scan detection software" on any search engine.
> 2. Run your firewall logging all incoming SYN connections. Then, when,
> in the log file, you see a certain IP address poking at various ports
> (usually in order from lowest to highest, but not necessarily every
> port, might probe just the more common ones), you'll know it's a scan.
> If you make it log to a FIFO buffer, you could come up with a "scan
> detection" piece of code yourself, too :)
>
> Overall, I prefer the second method, since it gives you an idea of
> what a "scan" is actually reflected in - most are quite simple to
> detect by eye from logs :)
>
> - Time -
>
> Peter Le wrote:
>
>> Hi,
>>
>> I have a question. On the network is there a way
>> to find out that your system is being scanned by someone,
>> and which port is being scanned?
>>
>> Thanks,
>>
>> PL
>
On Thu, 30 Oct 2003 08:52:29 -0800, the right honourable Peter Le <peter.t.le@philips.com> wrote:
>Hi,
>
>I have a question. On the network is there a way
>to find out that your system is being scanned by someone,
>and which port is being scanned?
>
>Thanks,
>
>PL

Have a look at SNORT: www.snort.org

frgr
Erik