[logs] Fight Back

From: Ganu Skop (skopganuat_private)
Date: Wed Oct 09 2002 - 21:04:06 PDT

  • Next message: H C: "Re: [logs] Fight Back"

    Hi all,
    I could not recall if there is any discussion on the
    matter regarding detecting a tool that is used for
    _doing_evil_stuff.
    What  I am trying to do is ;  to be able to detect
    what kind of tool that is used in
    probing/scanning/evil_stuff.
    Most IDS will detect if there is hping2, nmap ,
    cybercop. But what abt other ? such as nemesis and
    most of web scanner such as stealth, screaming cobra,
    nikto ?
    I really hope to be able to sort out what kind of
    command that is used when an intruder uses nmap ( be
    it nmap -sX, -sS , -sT and etc)
    
    Thanks
    -skop
    
    
    
    =====
    //skopganu
    
    __________________________________________________
    Do you Yahoo!?
    Faith Hill - Exclusive Performances, Videos & More
    http://faith.yahoo.com
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Thu Oct 10 2002 - 06:35:47 PDT