On Sun, Aug 31, 2003 at 02:08:45PM -0400, Eben wrote: > I would like to have Big Brother alert when a port scan is attempted > against an ipfilter firewall. > I see at least two ways that it could be accomplished: > 1. A custom Big Brother module looks at the ipfilter logs and alerts on a > port scan. > 2. Another application creates individual report files from the ipfilter > logs representing each port scan, Big Brother would then alert on the > existence of a new one. > Has anyone implemented a working solution? > My requirements are that I must use both Big Brother and ipfilter. > Thanks.
You should propably look at PortSentry ( http://packetstormsecurity.nl/UNIX/IDS/portsentry-1.1.tar.gz ). And then do some scripting :) -- Kind regards Flemming Laugaard ------------------------------------ Reality Bites... and doesn't let go. -- Unknown
