Hello,
--- Rudy Gevaert <[EMAIL PROTECTED]> wrote:
> > Check out www.snort.org. Snort capable to detect
> > portscans. Note, that not only portscans, but
[skip]
> Could I use this with ippl? Or just on portscanning
> system?
As you wish, but you don`t needed any additional
ip-logging systems, whe
Hello,
On Thu, 24 May 2001, Vladislav wrote:
> Check out www.snort.org. Snort capable to detect
> portscans. Note, that not only portscans, but other
> "strange" activities (i.e. tracing, os fingerprinting,
> etc) and attacks. You can download sources from
> original site or get *.deb from debia
Hello,
--- Rudy Gevaert <[EMAIL PROTECTED]> wrote:
> > Check out www.snort.org. Snort capable to detect
> > portscans. Note, that not only portscans, but
[skip]
> Could I use this with ippl? Or just on portscanning
> system?
As you wish, but you don`t needed any additional
ip-logging systems, wh
Hello,
On Thu, 24 May 2001, Vladislav wrote:
> Check out www.snort.org. Snort capable to detect
> portscans. Note, that not only portscans, but other
> "strange" activities (i.e. tracing, os fingerprinting,
> etc) and attacks. You can download sources from
> original site or get *.deb from debi
Hello,
--- Rudy Gevaert <[EMAIL PROTECTED]> wrote:
> It is my first time i'm putting up a server (at
> home, cable modem) with
> ftp/ssh/apache on it.
>
> Now I would like to know who does portscans on my
> machine, and when. And
> how many.
>
> Is there a package for it in debian? Or do I have
On Thu, May 24, 2001 at 03:47:33PM -0600, Tim Uckun wrote:
>
> >The problem with portsentry is that it binds to all the ports you are
> >watching, so people that are scanning actually see those ports open. It is
> >better to use snort, which will let you know that the scans have happened
> >withou
Hello,
--- Rudy Gevaert <[EMAIL PROTECTED]> wrote:
> It is my first time i'm putting up a server (at
> home, cable modem) with
> ftp/ssh/apache on it.
>
> Now I would like to know who does portscans on my
> machine, and when. And
> how many.
>
> Is there a package for it in debian? Or do I hav
mit --limit "$LIMIT_RATE"
#
This isn't complete as the SYN scan will still get thru BUT it will take
ages to show anything. Also use of rp_filter ('spoof' protection) helps out
to.
Ed
-Original Me
On Thu, May 24, 2001 at 03:47:33PM -0600, Tim Uckun wrote:
>
> >The problem with portsentry is that it binds to all the ports you are
> >watching, so people that are scanning actually see those ports open. It is
> >better to use snort, which will let you know that the scans have happened
> >witho
On Thu, 24 May 2001, Ed Street wrote:
> Hello,
>
> there's several methods to tell that.
>
> a) use a product like portsentry
> b) use iptables/ipchains to reject all forms of portscans
> c) don't connect the box to the inet as portscans are a fact of life ;)
>
> portsentry will trashcan any syste
--Original Message-
From: Rudy Gevaert [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 24, 2001 4:17 PM
To: debian-security@lists.debian.org
Subject: detecting portscanning
Hello Everyone,
It is my first time i'm putting up a server (at home, cable modem) with
ftp/ssh/apache on it.
Now I wou
The problem with portsentry is that it binds to all the ports you are
watching, so people that are scanning actually see those ports open. It is
better to use snort, which will let you know that the scans have happened
without the attacker being aware.
Although it binds to all the ports portse
On Thursday 24 May 2001 14:01, Rudy Gevaert wrote:
> On Thu, 24 May 2001, Rudy Gevaert wrote:
>
> Hello again,
>
> Some people suggested ippl, I installed it, and it runs. It works :-)
>
> Some other people, said I should use portsentry. And I look for it on the
> website, and it is a tar.gz file
-m limit --limit "$LIMIT_RATE"
#
This isn't complete as the SYN scan will still get thru BUT it will take
ages to show anything. Also use of rp_filter ('spoof' protection) helps out
to.
Ed
-Original
On Thu, 24 May 2001, Rudy Gevaert wrote:
Hello again,
Some people suggested ippl, I installed it, and it runs. It works :-)
Some other people, said I should use portsentry. And I look for it on the
website, and it is a tar.gz file, but in the unstable section I can find a
deb file. But I'm usi
On Thu, 24 May 2001, Ed Street wrote:
> Hello,
>
> there's several methods to tell that.
>
> a) use a product like portsentry
> b) use iptables/ipchains to reject all forms of portscans
> c) don't connect the box to the inet as portscans are a fact of life ;)
>
> portsentry will trashcan any syst
--Original Message-
From: Rudy Gevaert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 24, 2001 4:17 PM
To: [EMAIL PROTECTED]
Subject: detecting portscanning
Hello Everyone,
It is my first time i'm putting up a server (at home, cable modem) with
ftp/ssh/apache on it.
Now I would like t
Hello Everyone,
It is my first time i'm putting up a server (at home, cable modem) with
ftp/ssh/apache on it.
Now I would like to know who does portscans on my machine, and when. And
how many.
Is there a package for it in debian? Or do I have to install something
else.
Thanks in advance,
Rud
>The problem with portsentry is that it binds to all the ports you are
>watching, so people that are scanning actually see those ports open. It is
>better to use snort, which will let you know that the scans have happened
>without the attacker being aware.
Although it binds to all the ports port
On Thursday 24 May 2001 14:01, Rudy Gevaert wrote:
> On Thu, 24 May 2001, Rudy Gevaert wrote:
>
> Hello again,
>
> Some people suggested ippl, I installed it, and it runs. It works :-)
>
> Some other people, said I should use portsentry. And I look for it on the
> website, and it is a tar.gz fil
On Thu, 24 May 2001, Rudy Gevaert wrote:
Hello again,
Some people suggested ippl, I installed it, and it runs. It works :-)
Some other people, said I should use portsentry. And I look for it on the
website, and it is a tar.gz file, but in the unstable section I can find a
deb file. But I'm us
Hello Everyone,
It is my first time i'm putting up a server (at home, cable modem) with
ftp/ssh/apache on it.
Now I would like to know who does portscans on my machine, and when. And
how many.
Is there a package for it in debian? Or do I have to install something
else.
Thanks in advance,
Ru
22 matches
Mail list logo
