Bugtraq mailing list archives

TCP SYN probe detection tool available

From: Doug.Hughes () Eng Auburn EDU (Doug Hughes)
Date: Tue, 14 May 1996 16:29:39 -0500


In light of the recent revival of interest in the TCP SYN probe
that were undetected by conventional daemon means (e.g. klaxon),
I wrote a promiscuous network monitor that runs as a packet filter
and will catch any packet on the network that matches services
that are given to the program as command line arguments. So far
it runs on SunOS4.1.X (NIT) and Solaris2.X(DLPI). Individuals
interested in running it on other architectures would need to
do some porting. The DLPI code should be portable to other DLPI
implementations. On SunOS and Solaris all you have to do is type
Make. The README explains options, history, and implementation.


Sample usage:
./tocsin tcpmux rje courier rmonitor link ttylink supdup

It automatically backgrounds itself (unless run in debug mode).
There is also a compile time option that will make it only match
packets to the destination network that the program is listening
on.

availability:
ftp.eng.auburn.edu:pub/doug/tocsin.tar.gz
http://www.eng.auburn.edu/users/doug/second.html

Current thread:

TCP SYN probe detection tool available Doug Hughes (May 14)
- Re: TCP SYN probe detection tool available Brian Mitchell (May 15)
  - information on syslog bug wanted ALEXANDER SCHUETZ (May 17)
  - BoS: SECURITY BUG in FreeBSD Krzysztof Labanowski (May 17)
    - Re: BoS: SECURITY BUG in FreeBSD Dan Cross (May 17)
    - Re: BoS: SECURITY BUG in FreeBSD Steve Reid (May 17)
- <Possible follow-ups>
- Re: TCP SYN probe detection tool available redeye () compulink gr (May 15)
  - Re: TCP SYN probe detection tool available Casper Dik (May 16)
    - SunOS 4.1.4 fingerd Andy Dills (May 16)
    - Re: SunOS 4.1.4 fingerd Dave Dittrich (May 16)
    - Re: fingerd problems Elliot Lee (May 16)

(Thread continues...)