There are a number of different things that could alert you to a port scan, but an IDS generaly has the role of detecting these types of events. Snort is a very popular free IDS, but if would be best to install on a seperate box (if you have an old pc around) Check out their website at snort.org Reminder you will need to put this (1) on a hub that is connected to the web server or (2) on a switch port that is spanned from the web servers port or (3) a network tap If you would like some more ideas youcan e-mail me offline, there are many different ways to do this.
Mitchell ________________________________ http://www.attackprevention.com > Hi all, > > As a relative newcomer to the security field, but with a reasonable amount > of experience in sys admin roles, I am now responsible for the network > security of the (small) company I work for. One of the things I would like > to do is determine if (when) our web server, which hosts our applications, > is being port scanned. How do I go about this? Are there (free or cheap) > tools that will help you do this? We run both Solaris and W2K Server boxes, > and I would like to check both. > > Now I just have to determine what, if anything, to do if (when) we are being > scanned... > > Thanks in advance for your help. > > Cheers, > > Thom. > > ---------------------------------------------------------------------- ----- > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > ---------------------------------------------------------------------- ------ > > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------