From owner-freebsd-security Sun Dec 7 23:05:07 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id XAA07032 for security-outgoing; Sun, 7 Dec 1997 23:05:07 -0800 (PST) (envelope-from owner-freebsd-security)
Received: from ns.mt.sri.com (sri-gw.MT.net [206.127.105.141]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id XAA07021 for ; Sun, 7 Dec 1997 23:05:01 -0800 (PST) (envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id AAA18865; Mon, 8 Dec 1997 00:04:56 -0700 (MST) (envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id AAA10395; Mon, 8 Dec 1997 00:04:54 -0700
Date: Mon, 8 Dec 1997 00:04:54 -0700
Message-Id: <199712080704.AAA10395@mt.sri.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: tqbf@enteract.com
Cc: molter@logic.it, freebsd-security@FreeBSD.ORG
Subject: Re: [linux-security] New Program: Abacus Sentry - Port Scan Detector (fwd)
In-Reply-To: <19971207204013.7135.qmail@joshua.enteract.com>
References: <19971207204013.7135.qmail@joshua.enteract.com>
X-Mailer: VM 6.29 under 19.15 XEmacs Lucid
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> In muc.lists.freebsd.security, you wrote:
> >I thought someone could be interested in this program, a port scanner
> >which seems more featureful than strobe (a port scanner in the
> >FreeBSD ports).
>
> It's not a port scanner. It's a bad port-scan detector; it's designed to
> tell you when things like strobe (excellent program) are run against your
> host.
> It also doesn't work. In general, you need low-level network access
> (packet capture) to really detect port-scans....

You mean something like IPFW in 'paranoid' mode? *grin*

I've gotten probed a couple of times, and even on ports that have active
processes running on them. IPFW is *great* for that sort of thing, even
if you aren't paranoid. (But you should be nowadays...)

Nate
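
An added example, not part of the original message: a small detector that reads packet-filter log lines and flags sources touching many distinct ports on one host, including ports that already have a service on them. The log lines are constructed and only modelled on ipfw's syslog output; the function name, thresholds and the `in_use` set are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the syslog output of ipfw "log" rules.
# The exact layout is an assumption and differs between FreeBSD releases.
SAMPLE_LOG = """\
Dec  7 22:58:01 gw /kernel: ipfw: 500 Deny TCP 192.0.2.77:4101 198.51.100.5:21 in via ed0
Dec  7 22:58:01 gw /kernel: ipfw: 500 Deny TCP 192.0.2.77:4102 198.51.100.5:22 in via ed0
Dec  7 22:58:01 gw /kernel: ipfw: 500 Deny TCP 192.0.2.77:4103 198.51.100.5:23 in via ed0
Dec  7 22:58:02 gw /kernel: ipfw: 400 Accept TCP 192.0.2.77:4104 198.51.100.5:25 in via ed0
Dec  7 22:58:02 gw /kernel: ipfw: 400 Accept TCP 192.0.2.77:4105 198.51.100.5:80 in via ed0
Dec  7 22:59:10 gw /kernel: ipfw: 400 Accept TCP 203.0.113.9:2200 198.51.100.5:25 in via ed0
Dec  7 22:59:40 gw /kernel: ipfw: 400 Accept TCP 203.0.113.9:2201 198.51.100.5:25 in via ed0
Dec  7 23:01:15 gw /kernel: ipfw: 400 Accept TCP 203.0.113.9:2202 198.51.100.5:80 in via ed0
"""

LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) in via (?P<ifc>\S+)"
)

def find_scanners(log_text, min_ports=4, in_use=frozenset()):
    """Map (src, dst) -> ports touched, for sources that hit at least
    min_ports distinct ports on one destination. in_use lists ports that
    already have a listening service on that host."""
    seen = defaultdict(set)  # (src, dst) -> distinct destination ports
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            seen[(m["src"], m["dst"])].add(int(m["dport"]))
    report = {}
    for pair, ports in seen.items():
        if len(ports) >= min_ports:
            report[pair] = {
                "ports": sorted(ports),
                # A detector that works by binding to unused ports cannot
                # bind these, so it never sees probes against them.
                "in_use_hit": sorted(ports & set(in_use)),
            }
    return report

if __name__ == "__main__":
    for (src, dst), info in find_scanners(SAMPLE_LOG, in_use={25, 80}).items():
        print(f"{src} -> {dst}: ports {info['ports']}, "
              f"of which in use: {info['in_use_hit']}")
```
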