From owner-freebsd-security Sun Mar 25 4:32:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from dnull.com (dnull.com [209.133.53.79])
    by hub.freebsd.org (Postfix) with ESMTP id 06F7037B71A
    for ; Sun, 25 Mar 2001 04:32:40 -0800 (PST)
    (envelope-from jessem@jigsaw.svbug.com)
Received: from jigsaw.svbug.com ([198.79.110.2])
    by dnull.com (8.8.8/8.8.8) with ESMTP id EAA50037;
    Sun, 25 Mar 2001 04:32:57 -0800 (PST)
Message-Id: <200103251232.EAA50037@dnull.com>
Date: Sun, 25 Mar 2001 04:32:22 -0800 (PST)
From: jessem@livecam.com
Reply-To: jessemonroy@email.com
Subject: Re: Fwd: A Simple TCP Port Alarm
To: domas.mituzas@delfi.lt
Cc: security@FreeBSD.ORG
In-Reply-To:
MIME-Version: 1.0
Content-Type: TEXT/plain; CHARSET=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 25 Mar, Domas Mituzas wrote:
> Hi,
>> I've written a simple TCP port alarm in Perl.
>> The default configuration spoofs the daytime service on port 13.
>> It logs all connections, then emails to the configured recipient.
>> You can check it out at:
>
> How is it connected with security? :-) Actually tcpwrappers
> (hosts.allow) support various actions on denied or accepted connections,
> like sending email message or a bomb to the blackhat. There are a lot of
> other tools like portsentry, that happen to be rather successful.
>

Yes, that is correct. There are many programs out there. They are all
complicated and time consuming to use. If you are familiar with Perl,
then you might find this program interesting. Anyone faint of heart,
but interested in security would do well to pay money for something.
This tool is strictly for hacker types.

As for the security aspect, this program is intended as an early
detection system. It is not complete. It was not intended to be so.

> And connections to daytime service are often very hazardous. Time is
> very valuable information, so we'd log all connections, that are trying to
> obtain it from us, cause a simple leak will make whole network open to bad
> guys.
>

I'm not sure what your point is. The daytime service on port 13 is
intended for diagnostics. Follow the link to the program, RTFM. The RFC
plainly says, daytime is diagnostic. Your comments don't make any sense
to me. Perhaps, because it is 4:30am (local time). Perhaps you could
reword them and try again. :-)

> No offence, congrats dear Linux coder, you've written your first public
> software :) (How long are you going to support it?)
>

This is far from a *inx hack. And this is not my first public code.
You can find programs with my name going back to 1996. I'm not going to
support this. It is not going to do anything else. If someone finds a
bug in it, it is only 120 lines of code and I hardly think anyone
mucking with this program will have a hard time fixing it.

Best Regards,
Jessem.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
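A minimal sketch of the kind of port alarm discussed in this thread, added here as an example; it is not the Perl program the message refers to. It is written in Python, and the `PortAlarm` class, its method names and the default recipient are assumptions; the alert mail is built but not sent.

```python
import socket
import time
from email.message import EmailMessage

def daytime_reply(now=None):
    """RFC 867 leaves the format open; a one-line ASCII date is typical."""
    return time.strftime("%a %b %d %H:%M:%S %Y\r\n", time.gmtime(now)).encode("ascii")

class PortAlarm:
    """Answer like the daytime service and record every peer that connects."""

    def __init__(self, host="0.0.0.0", port=13, rcpt="root@localhost"):
        self.rcpt = rcpt                  # hypothetical alert recipient
        self.events = []                  # (unix_time, peer_ip, peer_port)
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]

    def serve(self, max_conns=None):
        handled = 0
        while max_conns is None or handled < max_conns:
            conn, (ip, rport) = self.sock.accept()
            with conn:
                conn.settimeout(2)        # a stalled peer must not block the alarm
                self.events.append((time.time(), ip, rport))
                try:
                    conn.sendall(daytime_reply())
                except OSError:
                    pass                  # peer vanished; the event is already logged
            handled += 1
        self.sock.close()

    def alert(self):
        """Build (not send) the notification for the configured recipient."""
        msg = EmailMessage()
        msg["To"] = self.rcpt
        msg["Subject"] = "port alarm: %d connection(s) to port %d" % (
            len(self.events), self.port)
        msg.set_content("\n".join(
            "%s %s:%d" % (time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(t)), ip, p)
            for t, ip, p in self.events))
        return msg

if __name__ == "__main__":
    PortAlarm().serve()                   # binding port 13 requires root
```

Nothing legitimate should be talking to an unused diagnostic port, so any logged peer is worth a look; hand the message from `alert()` to whatever mail path the host already uses.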