Hi all, I could not recall if there is any discussion on the matter regarding detecting a tool that is used for _doing_evil_stuff. What I am trying to do is ; to be able to detect what kind of tool that is used in probing/scanning/evil_stuff. Most IDS will detect if there is hping2, nmap , cybercop. But what abt other ? such as nemesis and most of web scanner such as stealth, screaming cobra, nikto ? I really hope to be able to sort out what kind of command that is used when an intruder uses nmap ( be it nmap -sX, -sS , -sT and etc) Thanks -skop ===== //skopganu __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Oct 10 2002 - 06:35:47 PDT