I have an idea which seems very applicable to this list; I'm not sure if it exists yet.

http://sf.net/projects/protowatch/ documents my idea for a kernel patch or somesuch which would be an iptables target, accepting all connections and logging the client's initial query to a file. This would make it real easy to identify some stuff, especially TCP:6346 Gnutella and the like. Otherwise, one must allow for connections to the given port, and set up a netcat listener, which is kind of a pain in the butt.

My question: does something like this exist?

Justin Pryzby
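
The accept-and-log behaviour described in the post, sketched as a userspace listener rather than an iptables target. This is an added example, not code from the post or from the protowatch project; the function names, the signature table and the log file name are assumptions made for illustration.

```python
import json
import socket
import time

# Constructed signature table (assumption, not from the post): first bytes -> label.
SIGNATURES = [
    (b"GNUTELLA CONNECT/", "gnutella"),
    (b"SSH-", "ssh"),
    (b"GET ", "http"),
]

def classify(payload):
    """Label a first payload by prefix; 'silent' means the client sent nothing."""
    if not payload:
        return "silent"
    for prefix, label in SIGNATURES:
        if payload.startswith(prefix):
            return label
    return "unknown"

def capture_first_payload(listener, log_path, timeout=5.0, max_bytes=512):
    """Accept one connection, record the client's first bytes, then close it."""
    conn, (peer_ip, peer_port) = listener.accept()
    with conn:
        conn.settimeout(timeout)  # clients of server-speaks-first protocols stay silent
        try:
            payload = conn.recv(max_bytes)
        except (socket.timeout, ConnectionResetError):
            payload = b""
    record = {
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src": peer_ip, "sport": peer_port,
        "dport": listener.getsockname()[1],
        "guess": classify(payload),
        # backslashreplace keeps binary payloads printable, one JSON line per hit
        "payload": payload.decode("ascii", "backslashreplace"),
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record

def serve(port, log_path, bind_addr="0.0.0.0"):
    """Listen on one port and log the opening payload of each connection in turn."""
    with socket.create_server((bind_addr, port)) as listener:
        while True:
            print(capture_first_payload(listener, log_path))

if __name__ == "__main__":
    serve(6346, "first-payloads.jsonl")  # 6346 is the Gnutella port named in the post
```

The read is capped and timed so that a client which never speaks, or which streams data, cannot stall the listener or grow the log without bound.
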
This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 07:17:37 PDT