Bugtraq mailing list archives
Re: TCP SYN probe detection tool available
From: jwa () nbs nau edu (James W. Abendschan)
Date: Wed, 15 May 1996 18:01:56 -0700
Way back on May 15, 3:25am, Brian Mitchell wrote:
This is a good idea. I have also written a similar tool, although mine logs all syn packets. It uses the libpcap interface. Should compile under linux, freebsd, irix, sunos, solaris, etc. It is available at http://www.saturn.net/~brian/files/clog-001.tar.gz (libpcap is not included with the distribution).
Well, while we're on the subject.. I've written a Perl script to do a similar task -- mine logs all SYN packets (although you can exclude data destined for a particular port; I exclude port 80 and 113 as they generate so much traffic) as well as logging portscans. It requires tcpdump and a little bit of hacking to get it to work on your particular subnet, but it doesn't chew a lot of CPU time -- unless, of course, someone is doing a portscan :-)

You can find it at http://www.nbs.nau.edu/~jwa/Security/synsniff.tar.gz

Comments/suggestions about how to improve it are welcome.

James

--
James W. Abendschan    Email: jwa () nbs nau edu
UNIX Systems Programmer/Administrator    Phone: (520) 556-7466 x238
Colorado Plateau Research Station, Flagstaff, AZ    Voice mail: *516
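The logging described in the message above (record every SYN, skip noisy ports such as 80 and 113, report portscans), shown as an added example; it is not code from synsniff or clog. It assumes the line format of current `tcpdump -n -tt` output, and the scan threshold, the time window and the choice to keep counting excluded ports toward scan detection are assumptions.

```python
import re
from collections import defaultdict

# Assumed input: TCP/IPv4 lines as printed by a current `tcpdump -n -tt`.
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

EXCLUDED_PORTS = {80, 113}  # the ports the message says it excludes
SCAN_PORTS = 5              # assumption: distinct ports that count as a scan
SCAN_WINDOW = 10.0          # assumption: sliding window in seconds

def analyze(lines, excluded=EXCLUDED_PORTS, ports=SCAN_PORTS, window=SCAN_WINDOW):
    """Return (syn_log, scans): logged SYNs and {(src, dst): scanned ports}."""
    syn_log, scans = [], {}
    recent = defaultdict(list)  # (src, dst) -> [(ts, dport)] inside the window
    for line in lines:
        m = LINE.match(line)
        # "S" alone is an initial SYN; "S." is the SYN-ACK reply, not a probe.
        if not m or m["flags"] != "S":
            continue
        ts, dport = float(m["ts"]), int(m["dport"])
        key = (m["src"], m["dst"])
        # Excluded ports stay out of the log but still count toward a scan,
        # so excluding port 80 for volume does not hide a sweep that touches it.
        recent[key] = [(t, p) for t, p in recent[key] if ts - t <= window]
        recent[key].append((ts, dport))
        if dport not in excluded:
            syn_log.append((ts, m["src"], m["dst"], dport))
        distinct = {p for _, p in recent[key]}
        if len(distinct) >= ports:
            scans.setdefault(key, set()).update(distinct)
    return syn_log, scans

# Constructed sample capture (documentation address ranges, not real traffic).
TAIL = "Flags [S], seq 1, win 512, length 0"
SAMPLE = [
    f"831517200.000000 IP 198.51.100.7.1025 > 192.0.2.10.80: {TAIL}",
    "831517200.050000 IP 192.0.2.10.80 > 198.51.100.7.1025: Flags [S.], seq 9, ack 2, win 512, length 0",
] + [
    f"831517200.{i + 1}00000 IP 203.0.113.9.4000 > 192.0.2.10.{p}: {TAIL}"
    for i, p in enumerate([21, 22, 23, 25, 80, 110])
] + [
    f"831517203.000000 IP 198.51.100.7.1026 > 192.0.2.10.25: {TAIL}",
    "831517204.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28",
]

if __name__ == "__main__":
    log, scans = analyze(SAMPLE)
    for entry in log:
        print("SYN", *entry)
    for (src, dst), hit in scans.items():
        print("PORTSCAN", src, "->", dst, sorted(hit))
```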