Hello, --- Rudy Gevaert <[EMAIL PROTECTED]> wrote: > > Check out www.snort.org. Snort capable to detect > > portscans. Note, that not only portscans, but [skip] > Could I use this with ippl? Or just on portscanning > system? As you wish, but you don`t needed any additional ip-logging systems, when you use snort. You can log only headers, you can log full packets in various formats (text, syslog, tcpdump-compatible etc, include logging into sql-base). Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. When I installed snort on my computer, I delete tcplogd, icmplog, and other such systems.
===== Regards, Vladislav. ---> http://cybervlad.port5.com __________________________________________________ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/