On Sun, 13 Oct 2002, Ganu Skop wrote:

> Snort will detect say that Nmap TCP scan and -sS scan - but it's still
> limited. I really would love to know what tool the intruder used. any
> idea ?

depends on the tests run, but nessus leaves a few telltale signs in logs when all tests are run. same for saint and satan. i kindly suggest you run these tools against your own systems and watch for logfile output. it's quite obvious when you find it.

___________________________
jose nazario, ph.d. joseat_private
http://www.monkey.org/~jose/
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 11:25:32 PDT