Security Incidents mailing list archives

Re: How to read port scans


From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Thu, 8 Jun 2000 15:48:36 -0400


On Thu, 8 Jun 2000, Phil Curran wrote:

> I am new to auditing/reading port scanning documents.  Are there any
> documents/books/urls that would be able to help me in understanding
> what I am reading/trying to analyze?  Any help is greatly appreciated.

'Hacking Exposed' is pretty good, covering a pretty good number of
techniques. also go through the Phrack (http://www.phrack.com/) archives
for scanning techniques:

        http://phrack.infonexus.com/search.phtml?view&article=p49-15
        http://phrack.infonexus.com/search.phtml?view&article=p51-10
        http://phrack.infonexus.com/search.phtml?view&article=p51-11
        http://phrack.infonexus.com/search.phtml?view&article=p53-13

OS fingerprinting:
        http://phrack.infonexus.com/search.phtml?view&article=p54-9

a simple NIDS (watcher):
        http://phrack.infonexus.com/search.phtml?view&article=p53-11

northcutt's book is also excellent, Network Intrusion Detection : An
Analysis Handbook
http://www.amazon.com/exec/obidos/ASIN/0735708681/qid=960492995/sr=1-1/102-7315109-2117733

and of course download a smackload of scanners from Packetstorm
(http://packetstorm.securify.com/), one of the best repositories around of
tools.

i hope this helps you get started.

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

