Mailing List Archive


RE: Logging port scans

On 07-Dec-2000 A.Sajjad Zaidi wrote:
> Hi,
> I've been searching for a good port scan logger for a while now, but
> haven't had much luck.
> I tried 'scanlogd', but that didn't work at all. I also struggled with
> 'portsentry' from Psionic, but firstly, it took up about 70% CPU and
> then the logging wasn't what I wanted.

IIRC, portsentry does much more than just detecting scans. It actually closes
ports if it detects suspicious activity, doesn't it? Do you really need that? I
use snort to detect the scans, and logwatch and logcheck to distill the logs.
They all work fine as is with very little configuration.
Stuart Luppescu         -=-=-  University of Chicago
PGP Public Key:
ICQ #21172047  AIM: psycho7070
May you die in bed at 95, shot by a jealous spouse.
>> Sent on 07-Dec-2000 at 14:03:49 with xfmail
