[plug] what uses port 98?

Christian christian at amnet.net.au
Sun Nov 19 12:19:46 WST 2000


On Sun, Nov 19, 2000 at 11:35:56AM +0800, Bernard Blackham wrote:
> My question... What tools are available to detect stealth SYN
> scans? e.g., to find SYNs without matching ACKs? I've seen tools that
> simply log all TCP packets, and it would be decipherable out of them, but
> is there any way to filter out stealth scans or similar?

One that I use on some machines is ippl (IP protocols logger).  It will
detect half-open scans (SYN) but not some of the more sophisticated
scans.  Its main advantage is that it is very configurable in terms of
what it will log.  I don't know if it has been audited though.  There
are other programs that do this sort of thing too if you search
freshmeat.

Regards,

Christian.
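
The check asked about in the question, finding SYNs that are never followed by a handshake-completing ACK, sketched as an added example; it is not part of the original message and is not ippl's code. The packet records, addresses and the `min_ports` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: (time_s, src, sport, dst, dport, tcp_flags).
# Flags use tcpdump-style letters: S=SYN, A=ACK, R=RST.
PACKETS = [
    # 10.0.0.5 completes a normal three-way handshake to port 80.
    (0.00, "10.0.0.5", 40000, "192.0.2.10", 80, "S"),
    (0.01, "192.0.2.10", 80, "10.0.0.5", 40000, "SA"),
    (0.02, "10.0.0.5", 40000, "192.0.2.10", 80, "A"),
    # 10.0.0.9 sends SYNs to several ports and never completes a handshake.
    (1.00, "10.0.0.9", 50001, "192.0.2.10", 22, "S"),
    (1.01, "192.0.2.10", 22, "10.0.0.9", 50001, "SA"),
    (1.02, "10.0.0.9", 50001, "192.0.2.10", 22, "R"),    # reset instead of ACK
    (1.10, "10.0.0.9", 50002, "192.0.2.10", 98, "S"),
    (1.11, "192.0.2.10", 98, "10.0.0.9", 50002, "RA"),   # port closed
    (1.20, "10.0.0.9", 50003, "192.0.2.10", 111, "S"),   # no reply seen
    (1.30, "10.0.0.9", 50004, "192.0.2.10", 443, "S"),
    (1.31, "192.0.2.10", 443, "10.0.0.9", 50004, "SA"),  # client never answers
]


def half_open_by_source(packets, min_ports=3):
    """Return {src: sorted dst ports} for sources whose SYNs to at least
    min_ports distinct ports were never followed by the client's ACK."""
    pending = set()  # (src, sport, dst, dport) of SYNs still awaiting an ACK
    for _t, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.add(key)
        elif "A" in flags and "S" not in flags and "R" not in flags:
            # A plain ACK from the initiator completes the handshake.
            pending.discard(key)
    ports = defaultdict(set)
    for src, _sport, _dst, dport in pending:
        ports[src].add(dport)
    # A single unanswered SYN is normal (closed port, lost packet), so only
    # sources that leave several distinct ports half-open are reported.
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, dports in half_open_by_source(PACKETS).items():
        print(f"possible half-open scan from {src}: ports {dports}")
```
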


