I've used portsentry, hostsentry and logsentry from http://www.psionic.com They are good. Portsentry can go from benign reporting of unopen ports being querried to aggressive rules definition on the fly that will block IPs that query ports not meant to be querried. Can portsentry be integrated into Bering.
Mohan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: 01 August, 2002 5:49 AM To: [EMAIL PROTECTED] Subject: [leaf-user] descan I received a link today to a company called descan that is providing a piece of software that sits on a Linux machine (currently only those based on the 2.4 kernel) and keeps track of scan activity detected and then periodically sends this information to the company, which then looks for patterns to, among other things, identify zombies. Their link is www.descan.net I'm interested in the opinions of this group as to whether this would be a worthwhile addition to a Bering firewall and whether this is a project worth supporting. regards! paul Paul M. Wright, Jr. McKay Technologies "making technology play nice...." ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html