----- Original Message -----
From: "Flemming Laugaard" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 31, 2003 2:31 PM
Subject: Re: ipfilter/Big Brother integration?

> On Sun, Aug 31, 2003 at 02:08:45PM -0400, Eben wrote:
> > I would like to have Big Brother alert when a port scan is attempted
> > against an ipfilter firewall.
> > I see at least two ways that it could be accomplished:
> > 1. A custom Big Brother module looks at the ipfilter logs and alerts on a
> > port scan.
> > 2. Another application creates individual report files from the ipfilter
> > logs representing each port scan, Big Brother would then alert on the
> > existence of a new one.
> > Has anyone implemented a working solution?
> > My requirements are that I must use both Big Brother and ipfilter.
> > Thanks.
>
> You should probably look at PortSentry
> ( http://packetstormsecurity.nl/UNIX/IDS/portsentry-1.1.tar.gz ).

You might be better served by going to http://sourceforge.net/projects/sentrytools/. It appears that this is where it's being maintained since the Cisco buyout of Psionic Software.

I use it to send me email alerts when it detects a scan. The script is really pretty trivial. I imagine that the script for triggering a BigBrother alert would be similarly trivial.

-tom
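
The first approach from the question (a script that reads the ipfilter log and reports a port scan to Big Brother) could look like the sketch below. It is an added example, not code from this thread or from either project; the ipmon syslog line layout, the constructed sample lines, the host name fw.example.com, the test name portscan and the five-port threshold are all assumptions.

```python
import re
import time
from collections import defaultdict

# Constructed sample lines in the syslog format that ipmon(8) writes; not real traffic.
SAMPLE_LOG = """\
Aug 31 14:08:40 fw ipmon[214]: 14:08:40.101 fxp0 @0:12 b 203.0.113.7,40112 -> 192.0.2.1,21 PR tcp len 20 48 -S IN
Aug 31 14:08:40 fw ipmon[214]: 14:08:40.140 fxp0 @0:12 b 203.0.113.7,40113 -> 192.0.2.1,22 PR tcp len 20 48 -S IN
Aug 31 14:08:40 fw ipmon[214]: 14:08:40.182 fxp0 @0:12 b 203.0.113.7,40114 -> 192.0.2.1,23 PR tcp len 20 48 -S IN
Aug 31 14:08:41 fw ipmon[214]: 14:08:41.015 fxp0 @0:3 p 203.0.113.7,40115 -> 192.0.2.1,80 PR tcp len 20 48 -S IN
Aug 31 14:08:41 fw ipmon[214]: 14:08:41.050 fxp0 @0:12 b 203.0.113.7,40116 -> 192.0.2.1,110 PR tcp len 20 48 -S IN
Aug 31 14:08:41 fw ipmon[214]: 14:08:41.093 fxp0 @0:12 b 203.0.113.7,40117 -> 192.0.2.1,143 PR tcp len 20 48 -S IN
Aug 31 14:09:02 fw ipmon[214]: 14:09:02.300 fxp0 @0:12 b 198.51.100.20,51000 -> 192.0.2.1,22 PR tcp len 20 48 -S IN
Aug 31 14:09:05 fw ipmon[214]: 14:09:05.300 fxp0 @0:12 b 198.51.100.20,51001 -> 192.0.2.1,22 PR tcp len 20 48 -S IN
Aug 31 14:09:09 fw ipmon[214]: 14:09:09.700 fxp0 @0:14 b 198.51.100.9 -> 192.0.2.1 PR icmp len 20 84 icmp echo/0 IN
"""

# rule id, action letter, "src,sport -> dst,dport", protocol (assumed ipmon layout)
LINE_RE = re.compile(
    r"@\d+:\d+ (?P<action>\w) (?P<src>[\d.]+),(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+),(?P<dport>\d+) PR (?P<proto>\w+)"
)

def find_scanners(log_text, min_ports=5):
    """Map each source IP to its sorted distinct blocked destination ports,
    keeping only sources that were blocked on at least min_ports ports."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)          # lines without ports (ICMP) do not match
        if m and m.group("action") == "b":  # count blocked packets only
            ports[m.group("src")].add(int(m.group("dport")))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def bb_status(host, scanners, test="portscan", when=None):
    """Build a Big Brother status message: red if any scanner was found.
    Dots in the host name become commas, as in Big Brother status lines."""
    color = "red" if scanners else "green"
    body = [f"{src} was blocked on {len(p)} ports: {p}"
            for src, p in sorted(scanners.items())]
    header = f"status {host.replace('.', ',')}.{test} {color} {when or time.ctime()}"
    return "\n".join([header] + (body or ["no port scans in ipfilter log"]))

if __name__ == "__main__":
    print(bb_status("fw.example.com", find_scanners(SAMPLE_LOG)))
```

The returned string is what an external script would hand to the Big Brother client for delivery to the display server; repeated hits on a single port, such as the second source in the sample, stay below the threshold and do not turn the status red.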
