Snort is an Open Source IDS - Intrusion Detection System - that will detect Port Scans.
I recommend reading "Network Intrusion Detection - An Analyst's Handbook" by Stephen Northcutt and Judy Nowak from New Rider's Press to get a good start in the topic. Then start setting up an IDS System, and just keep working from there. also www.sans.org has a lot of good reading material on the subjects. The book is part of the SANS official curriculum for Intrusion Detection. The best thing (meiner Meinung nach) to do when you get a positive detect for a scan is to have a script block that host on the firewall. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -----Ursprüngliche Nachricht----- Von: Thom Larner [mailto:[EMAIL PROTECTED] Gesendet: Tuesday, July 01, 2003 1:38 AM An: '[EMAIL PROTECTED]' Betreff: Port scanning question Hi all, As a relative newcomer to the security field, but with a reasonable amount of experience in sys admin roles, I am now responsible for the network security of the (small) company I work for. One of the things I would like to do is determine if (when) our web server, which hosts our applications, is being port scanned. How do I go about this? Are there (free or cheap) tools that will help you do this? We run both Solaris and W2K Server boxes, and I would like to check both. Now I just have to determine what, if anything, to do if (when) we are being scanned... Thanks in advance for your help. Cheers, Thom. --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
