Date: 7 Dec 1997 20:40:13 -0000 From: tqbf@joshua.enteract.com To: molter@logic.it, freebsd-security@freebsd.org Subject: Re: [linux-security] New Program: Abacus Sentry - Port Scan Detector (fwd) Message-ID: <19971207204013.7135.qmail@joshua.enteract.com> In-Reply-To: <Pine.BSF.3.96.971207155453.1425A-100000@dumbwinter.logic.it>
next in thread | previous in thread | raw e-mail | index | archive | help
In muc.lists.freebsd.security, you wrote: >I though someone could be interested in this program, a port scanner >which seems more featureful than strobe (a port scanner in the >FreeBSD ports). It's not a port scanner. It's a bad port-scan detector; it's designed to tell you when things like strobe (excellent program) are run against your host. It also doesn't work. In general, you need low-level network access (packet capture) to really detect port-scans, because it's not hard to find out of a TCB exists without tickling accept(). "Sentry" just binds to a bunch of ports and trusts that if someone probes one of them, it'll notice. -- ----------------------------------------------------------------------------- Thomas H. Ptacek Secure Networks, Inc. ----------------------------------------------------------------------------- http://www.enteract.com/~tqbf "mmm... sacrilicious"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971207204013.7135.qmail>