Mailing List Archive


RE: Logging port scans



On 07-Dec-2000 A.Sajjad Zaidi wrote:
> Hi,
> 
> I've been searching for a good port scan logger for a while now, but
> haven't had much luck.
> 
> I tried 'scanlogd', but that didn't work at all. I also struggled with
> 'portsentry' from Psionic, but firstly, it took up about 70% CPU and
> then the logging wasn't what I wanted.

IIRC, portsentry does much more than just detecting scans. It actually closes
ports if it detects suspicious activity, doesn't it? Do you really need that? I
use snort to detect the scans, and logwatch and logcheck to distill the logs.
They all work fine as is with very little configuration.
______________________________________________________________________
Stuart Luppescu         -=-=-  University of Chicago
                        -=-=-  s-luppescu@example.com
http://www.consortium-chicago.org/people/sl/sl.html
PGP Public Key: www.consortium-chicago.org/people/sl/pubkey.asc
ICQ #21172047  AIM: psycho7070
May you die in bed at 95, shot by a jealous spouse.
>> Sent on 07-Dec-2000 at 14:03:49 with xfmail

