> I've been lurking in a few lists, and I keep reading about port
> scans, so I'd like to learn more about them, and how to detect/log
> them, etc.
>
> The only thing I recognize is tripwire, and that from reading it in
> a few posts, but it appears to be available only in rpm format, and as
> source only.

As far as portscans are concerned, I use portsentry (I had the URL
somewhere......try www.psionic.com).

If you want to portscan your own machine, use nmap or write a simple
portscanner yourself. What a portscanner essentially does is check a
target host for any open ports (each port corresponds to a certain
service running, like telnetd, ftpd, httpd, echo, etc. Look in
/etc/services for more info.) From there the attacker decides which
exploits to use. So...essential to security is limiting the number of
services running. Use inetd.conf for it.

Tripwire is ok. It's primarily used for routine system checks or when you
suspect someone got in, and want to make sure that none of the vital
programs have been changed. Use alien to convert the rpm binary into a deb
binary, or just compile it yourself.

Along with portsentry you should firewall your machine (planning on
starting on that myself today). It's in the Security HOWTO.

Andrew

---------------------------------------------------------------------------
Andrei S. Ivanov
[EMAIL PROTECTED]
[EMAIL PROTECTED]
UIN 12402354
http://scorpio.myip.org <--All the pages bundled together.
---------------------------------------------------------------------------
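
The question above asks how port scans can be detected and logged. The following is an added example, not part of the original message and not portsentry's own code: a simple sliding-window heuristic that flags any source touching many distinct ports in a short time. The event format, the function name `detect_scans`, the thresholds and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data: (unix_time, source_ip, destination_port) for
# inbound connection attempts, e.g. as extracted from firewall logs.
SAMPLE_EVENTS = [
    (1000, "192.0.2.10", 80),       # ordinary client, same port twice
    (1001, "198.51.100.7", 21),     # fast sweep across many ports
    (1001, "198.51.100.7", 22),
    (1002, "198.51.100.7", 23),
    (1002, "198.51.100.7", 25),
    (1003, "198.51.100.7", 79),
    (1003, "198.51.100.7", 110),
    (1030, "192.0.2.10", 80),
    (1200, "203.0.113.5", 22),      # slow sweep, minutes between probes
    (1900, "203.0.113.5", 23),
    (2600, "203.0.113.5", 25),
]

def detect_scans(events, window=60, min_ports=5):
    """Return {source_ip: first_alert_time} for every source that touched
    at least `min_ports` distinct ports within `window` seconds."""
    recent = defaultdict(deque)     # source -> (time, port) pairs in window
    alerts = {}
    for ts, src, port in sorted(events):
        attempts = recent[src]
        attempts.append((ts, port))
        # Drop attempts that have fallen out of the sliding window.
        while ts - attempts[0][0] > window:
            attempts.popleft()
        distinct_ports = {p for _, p in attempts}
        if len(distinct_ports) >= min_ports and src not in alerts:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, ts in detect_scans(SAMPLE_EVENTS).items():
        print(f"possible port scan from {src}, first flagged at t={ts}")
    # A longer window with a lower threshold also catches the slow sweep.
    print(detect_scans(SAMPLE_EVENTS, window=3600, min_ports=3))
```

With the default thresholds only the fast sweep is flagged; the slow sweep from 203.0.113.5 stays under the threshold, which is why window and port count need tuning against normal traffic on the host.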