www.snort.org

I've just put that up after testing it for a while and I love it! There's also a Windows port, which is what I'm using. I used IDScenter to set it up. It has an easy GUI which saves you the time of doing the config manually. There are also different logging options, which can also use SQL if you have it running, although I haven't got around to doing that yet.

Hope this helps

Stu

-----Original Message-----
From: steveat_private [mailto:steveat_private]
Sent: 13 August 2003 19:48
To: incidentsat_private
Subject: Tools for monitoring port scans / connection attempts?

I see a lot of people upon this list able to keep records of increases in port scans over time. For example, it's common for a post to come through from a member asking about new scans on port foo, and a reply coming back saying "yes, seen xxx of those since the 1st of xxx".

Can I ask what software you are using to record these logs?

I know that some firewall systems, like ipchains or iptables, will allow logs to be generated to syslog. However, these are not terribly interesting to read, and they are hard to keep track of.

I'm using a homebrewed system where I have a perl script capturing packets, dumping source ip+port and destination ip+port to a database. This way I can produce pretty graphs showing scans of particular ports over time. (I'd be happy to release it if there's any interest.)
Steve
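The kind of aggregation Steve describes, as an added example that is not code from the thread: it parses constructed iptables LOG-target syslog lines (the addresses and timestamps are made up), counts hits per destination port per day, which is the series behind a "scans of port X over time" graph, and flags sources that touch several distinct ports in one day.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in iptables LOG-target format (not real traffic).
SAMPLE_LOG = """\
Aug 12 03:14:07 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4411 DPT=135 SYN
Aug 12 03:14:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4412 DPT=445 SYN
Aug 12 11:02:55 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=135 SYN
Aug 13 01:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=135 SYN
Aug 13 01:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51236 DPT=139 SYN
Aug 13 01:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51237 DPT=445 SYN
Aug 13 01:00:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=51238 DPT=1433 SYN
Aug 13 09:30:00 fw kernel: IN=eth0 OUT= SRC=192.0.2.55 DST=192.0.2.10 PROTO=UDP SPT=137 DPT=137
"""

# Fields of interest from a LOG-target line; other fields (LEN, TOS, MAC...) are skipped by .*?
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\w+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

def parse_log(text):
    """Return (day, src, dst, proto, spt, dpt) tuples; lines without the LOG fields are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated syslog noise
        day = " ".join(m.group("ts").split()[:2])  # "Aug 12"; classic syslog carries no year
        rows.append((day, m.group("src"), m.group("dst"), m.group("proto"),
                     int(m.group("spt")), int(m.group("dpt"))))
    return rows

def hits_per_port_per_day(rows):
    """Counts keyed by (day, proto, dpt): the time series a per-port graph is drawn from."""
    counts = defaultdict(int)
    for day, _src, _dst, proto, _spt, dpt in rows:
        counts[(day, proto, dpt)] += 1
    return dict(counts)

def scanning_sources(rows, min_ports=3):
    """Sources that touched at least min_ports distinct destination ports on one day."""
    ports = defaultdict(set)
    for day, src, _dst, _proto, _spt, dpt in rows:
        ports[(day, src)].add(dpt)
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}

if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    print(hits_per_port_per_day(rows), scanning_sources(rows))
```

Feeding the tuples from parse_log into a database table instead of a list gives the same per-port series Steve graphs, with the day key replaced by a real timestamp column.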
This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 19:45:17 PDT