Look for portsentry and logcheck. Used to be available from www.psionic.com before Psionic got bought out by Cisco. I think there are mirrors of the source code, though, if you do a quick search via Google.

Tony

steveat_private wrote:

> I see a lot of people upon this list able to keep records
> of increases in port scans over time.
>
> For example it's common for a post to come through from a
> member asking about new scans on port foo - and a reply coming
> back saying "yes seen xxx of those since the 1st of xxx".
>
> Can I ask what software are you using to record these logs?
>
> I know that some firewall systems, like ipchains, or iptables
> will allow logs to be generated to syslog. However these are
> not terribly interesting to read - and they are hard to keep
> track of.
>
> I'm using a homebrewed system where I have a perl script
> capturing packets dumping source ip+port and destination ip+port
> to a database. This way I can produce pretty graphs showing
> scans of particular ports over time.
>
> (I'd be happy to release it if there's any interest).
>
> Steve

This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 19:57:45 PDT