Date: Mon, 8 Dec 1997 00:04:54 -0700 From: Nate Williams <nate@mt.sri.com> To: tqbf@enteract.com Cc: molter@logic.it, freebsd-security@FreeBSD.ORG Subject: Re: [linux-security] New Program: Abacus Sentry - Port Scan Detector (fwd) Message-ID: <199712080704.AAA10395@mt.sri.com> In-Reply-To: <19971207204013.7135.qmail@joshua.enteract.com> References: <Pine.BSF.3.96.971207155453.1425A-100000@dumbwinter.logic.it> <19971207204013.7135.qmail@joshua.enteract.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> In muc.lists.freebsd.security, you wrote: > >I though someone could be interested in this program, a port scanner > >which seems more featureful than strobe (a port scanner in the > >FreeBSD ports). > > It's not a port scanner. It's a bad port-scan detector; it's designed to > tell you when things like strobe (excellent program) are run against your > host. > It also doesn't work. In general, you need low-level network access > (packet capture) to really detect port-scans.... You mean something like IPFW in 'paranoid' mode? *grin* I've gotten probed a couple of times, and even on ports that have active processes running on them. IPFW is *great* for that sort of thing, even if you aren't paranoid. (But you should be nowadays...) Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712080704.AAA10395>