From: razorLDC.RO
Date: Thu Jan 18 2001 - 16:51:36 CST


    On Tue, Jan 16, 2001 at 10:58:15AM +0100, Digital Overdrive wrote:
    > [requoted]
    >
    > Just one question: How do you detect these scans?
    > I can't find anything in my logs, but I don't have programs like
    > portsentry running. What can you (all) advise me?
    >

    ipfilter here, on a freebsd box.

    /etc/ipf.conf has something like
    --------------
    pass out quick on ed0 proto tcp from internal_net/24 to any flags S/SAFR keep state
    pass out quick on ed0 proto udp from internal_net/24 to any keep state

    # this is the line that gives me all messages.
    block in log quick on ed0 all
    ---------------

    I use plog (part of the ipfilter package) to generate reports on scans.

    ------------+------------------------------------------
    Alex Popa, | "Artificial Intelligence is
    razorldc.ro| no match for Natural Stupidity"
    ------------+------------------------------------------
    "It took the computing power of three C-64s to fly to the Moon.
    It takes a 486 to run Windows 95. Something is wrong here."
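
A small take on the kind of scan report described in the message above: it groups "block in log" hits by source address and flags sources that probed many distinct ports. This is an added example, not part of the original post and not plog itself; the line layout assumes ipmon's syslog output, and the sample lines, addresses and the `min_ports` threshold are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines shaped like ipmon syslog output (assumption);
# addresses are documentation ranges, none come from the original post.
SAMPLE_LOG = """\
Jan 18 16:40:01 gw ipmon[211]: 16:40:01.102030 ed0 @0:3 b 198.51.100.7,4021 -> 192.0.2.10,21 PR tcp len 20 44 -S IN
Jan 18 16:40:01 gw ipmon[211]: 16:40:01.112031 ed0 @0:3 b 198.51.100.7,4022 -> 192.0.2.10,22 PR tcp len 20 44 -S IN
Jan 18 16:40:01 gw ipmon[211]: 16:40:01.122032 ed0 @0:3 b 198.51.100.7,4023 -> 192.0.2.10,23 PR tcp len 20 44 -S IN
Jan 18 16:40:02 gw ipmon[211]: 16:40:02.132033 ed0 @0:3 b 198.51.100.7,4024 -> 192.0.2.10,25 PR tcp len 20 44 -S IN
Jan 18 16:40:02 gw ipmon[211]: 16:40:02.142034 ed0 @0:3 b 198.51.100.7,4025 -> 192.0.2.10,80 PR tcp len 20 44 -S IN
Jan 18 16:41:10 gw ipmon[211]: 16:41:10.500000 ed0 @0:3 b 203.0.113.9,137 -> 192.0.2.10,137 PR udp len 20 78 IN
Jan 18 16:41:12 gw ipmon[211]: 16:41:12.500000 ed0 @0:3 b 203.0.113.9,137 -> 192.0.2.10,137 PR udp len 20 78 IN
Jan 18 16:42:00 gw ipmon[211]: 16:42:00.000001 ed0 @0:3 b 203.0.113.50 -> 192.0.2.10 PR icmp len 20 84 icmp echo/0 IN
Jan 18 16:42:05 gw ipmon[211]: 16:42:05.000001 ed0 @0:1 p 192.0.2.20,1033 -> 198.51.100.80,80 PR tcp len 20 44 -S OUT
"""

# Matches only blocked ("b") packets; the port part is optional (ICMP has none).
LINE_RE = re.compile(
    r"(?P<iface>\S+) @\d+:\d+ b "
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?:,(?P<dport>\d+))? PR (?P<proto>\S+)"
)

def parse_blocked(log_text):
    """Yield (src, dst, proto, dport) per blocked-packet line; skip other lines."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            dport = int(m["dport"]) if m["dport"] else None
            yield m["src"], m["dst"], m["proto"], dport

def find_scanners(log_text, min_ports=4):
    """Return {src: sorted distinct (proto, port)} for sources hitting >= min_ports ports."""
    ports = defaultdict(set)
    for src, _dst, proto, dport in parse_blocked(log_text):
        if dport is not None:  # portless protocols cannot count toward a port scan
            ports[src].add((proto, dport))
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for src, probed in find_scanners(SAMPLE_LOG).items():
        print(src, "probed", len(probed), "distinct ports:", probed)
```

Repeated hits on a single port, like the UDP 137 lines in the sample, stay below the threshold and are not reported as a scan.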