Re: [logs] Fight Back

From: Jose Nazario (joseat_private)
Date: Mon Oct 14 2002 - 06:17:40 PDT

  • Next message: Seymour, Keith: "RE: [logs] Fight Back"

    On Sun, 13 Oct 2002, Ganu Skop wrote:
    
    > Snort will detect say that Nmap TCP scan and -sS scan - but it's still
    > limited. I really would love to know what tool the intruder used. any
    > idea ?
    
    depends on the tests run, but nesses leaves a few telltale signs in logs
    when all tests are run. same for saint and satan.
    
    i kindly suggest you run these tools against your own systems and watch
    for logfile output. it's quite obvious when you find it.
    
    ___________________________
    jose nazario, ph.d.			joseat_private
    					http://www.monkey.org/~jose/
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 11:25:32 PDT