[plug] what uses port 98?

BillK billk at iinet.net.au
Sun Nov 19 12:41:02 WST 2000


I use portsentry/logsentry and, as well as using pmfirewall to set up an
initial ipchains script, went through and added a lot of extra blocks
(mostly windoze trojans).  They work "well enough", but there should be
better out there now as they are getting a bit old.  I think portsentry
has some configurable parameters for stealth scans.  I have logsentry
set up so I get an email for any events not in the filter, so I get
single packets etc. to a logged port, and portsentry kills any attempts
to scan etc. by dropping the source into hosts.deny and adding an ipchains
block.  Seems to work well, tells me what's going on, and I have no reason
to doubt its effectiveness so far, but would like to know if there is
anything better, that doesn't make the machine unusable that is!

BillK


> My question... What tools are available to detect stealth SYN
> scans? e.g., to find SYNs without matching ACKs? I've seen tools that
> simply log all TCP packets, and it would be decipherable out of them, but
> is there any way to filter out stealth scans or similar?
> 
> Bernard.
>
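Bernard's question above, finding SYNs that never get a matching ACK, can be answered with a short pass over a packet log. The following is an added example, not code from this thread or from portsentry/logsentry: it reads a constructed tcpdump-like log (the format, addresses and ports are all made up for illustration), tracks each initiator's SYN until the initiator sends the handshake's third ACK, and flags a source whose unanswered SYNs reach a threshold of distinct destination ports inside a time window. A legitimate client retransmitting a SYN to a dead host hits only one port, so it is not flagged; a half-open scanner that answers SYN/ACK with RST, or gets RST/ACK from closed ports, never sends that ACK and is.

```python
"""Flag SYN scans in a packet log: SYNs from a source that never complete the
handshake with an ACK, counted over distinct destination ports.

Added example; the log format and every address below are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags as letters, e.g. "S", "SA", "A", "R", "RA"


def parse_line(line: str) -> Packet:
    """Parse one line of the constructed format '<ts> <src>:<sport> > <dst>:<dport> <flags>'."""
    ts, src, _, dst, flags = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return Packet(float(ts), sip, int(sport), dip, int(dport), flags)


def find_syn_scanners(packets: List[Packet], threshold: int = 5,
                      window: float = 60.0) -> Dict[str, List[Tuple[str, int]]]:
    """Return {source: [(dst, dport), ...]} for each source whose unanswered SYNs
    reach `threshold` distinct destination ports within `window` seconds."""
    # Half-open connections keyed by the initiator's 4-tuple -> time of first SYN.
    pending: Dict[Tuple[str, int, str, int], float] = {}
    for p in sorted(packets, key=lambda x: x.ts):
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S":
            # A retransmitted SYN on the same 4-tuple keeps the original timestamp.
            pending.setdefault(key, p.ts)
        elif "A" in p.flags and "S" not in p.flags and "R" not in p.flags:
            # Pure ACK (or data) from the initiator: the handshake completed.
            # A scanner answers SYN/ACK with RST, so RST or RST/ACK does not clear it.
            pending.pop(key, None)
        # The responder's SYN/ACK or RST/ACK carries the reverse 4-tuple and never matches.

    by_src: Dict[str, List[Tuple[float, str, int]]] = defaultdict(list)
    for (src, _sport, dst, dport), ts in pending.items():
        by_src[src].append((ts, dst, dport))

    scanners: Dict[str, List[Tuple[str, int]]] = {}
    for src, events in by_src.items():
        events.sort()
        for start, _, _ in events:
            # Distinct (dst, port) targets of unanswered SYNs inside one window.
            targets = {(d, dp) for t, d, dp in events if start <= t <= start + window}
            if len(targets) >= threshold:
                scanners[src] = sorted(targets)
                break
    return scanners


# Constructed sample: a normal SSH session, a client retrying a dead web server,
# and a half-open scan of five ports (open ports answered SYN/ACK then RST from
# the scanner, closed ports answered RST/ACK by the target).
SAMPLE_LOG = """\
1.000 10.0.0.5:40001 > 192.168.1.2:22 S
1.001 192.168.1.2:22 > 10.0.0.5:40001 SA
1.002 10.0.0.5:40001 > 192.168.1.2:22 A
5.000 10.0.0.6:40002 > 192.168.1.3:80 S
8.000 10.0.0.6:40002 > 192.168.1.3:80 S
14.000 10.0.0.6:40002 > 192.168.1.3:80 S
20.000 203.0.113.9:55000 > 192.168.1.2:21 S
20.001 192.168.1.2:21 > 203.0.113.9:55000 RA
20.010 203.0.113.9:55001 > 192.168.1.2:22 S
20.011 192.168.1.2:22 > 203.0.113.9:55001 SA
20.012 203.0.113.9:55001 > 192.168.1.2:22 R
20.020 203.0.113.9:55002 > 192.168.1.2:23 S
20.021 192.168.1.2:23 > 203.0.113.9:55002 RA
20.030 203.0.113.9:55003 > 192.168.1.2:25 S
20.040 203.0.113.9:55004 > 192.168.1.2:80 S
20.041 192.168.1.2:80 > 203.0.113.9:55004 SA
20.042 203.0.113.9:55004 > 192.168.1.2:80 R
"""

SAMPLE_PACKETS = [parse_line(l) for l in SAMPLE_LOG.splitlines() if l.strip()]

if __name__ == "__main__":
    for src, targets in find_syn_scanners(SAMPLE_PACKETS).items():
        ports = ", ".join(str(dp) for _, dp in targets)
        print(f"possible SYN scan from {src}: unanswered SYNs to ports {ports}")
```

The threshold and window are the knobs a practitioner tunes: counting distinct ports rather than raw SYNs keeps a flaky client that retransmits to one service below the bar, and a long window catches slow scans at the cost of holding half-open state for that long, so on a real feed the `pending` table needs to be expired rather than kept forever.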


