Security Incidents mailing list archives
Re: How to read port scans
From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Thu, 8 Jun 2000 15:48:36 -0400
On Thu, 8 Jun 2000, Phil Curran wrote:
I am new to auditing/reading port scanning documents. Are there any documents/books/urls that would be able to help me in understanding what I am reading/trying to analyze? Any help is greatly appreciated.
'Hacking Exposed' is pretty good, covering a pretty good number of techniques. also go through the Phrack (http://www.phrack.com/) archives for scanning techniques: http://phrack.infonexus.com/search.phtml?view&article=p49-15 http://phrack.infonexus.com/search.phtml?view&article=p51-10 http://phrack.infonexus.com/search.phtml?view&article=p51-11 http://phrack.infonexus.com/search.phtml?view&article=p53-13 OS fingerprinting: http://phrack.infonexus.com/search.phtml?view&article=p54-9 a simple NIDS (watcher) http://phrack.infonexus.com/search.phtml?view&article=p53-11 northcutt's book is also excellent, Network Intrusion Detection : An Analysis Handbook http://www.amazon.com/exec/obidos/ASIN/0735708681/qid=960492995/sr=1-1/102-7315109-2117733 and of course download a smackload of scanners from Packetstorm (http://packetstorm.securify.com/), one of the best repositories around of tools. i hope this helps you get started. jose nazario jose () biochemistry cwru edu PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
Current thread:
- How to read port scans Phil Curran (Jun 08)
- Re: How to read port scans Jose Nazario (Jun 08)
- hacked @home **update** Nick Morgowicz (Jun 08)
- Re: How to read port scans Renato Murilo Langona (Jun 08)
- Re: How to read port scans spaceork (Jun 08)
- <Possible follow-ups>
- Re: How to read port scans Bryan Scaringe (Jun 08)
- Re: How to read port scans Mark Kovach (Jun 08)