IDS mailing list archives

RE: Port/Host Scanning Techniques


From: "MARTIN M. Bénoni" <benoni_martin () hotmail com>
Date: Thu, 26 Feb 2004 10:19:45 +0000

Hi!

Well, it depends a little bit on what kind of IDS you have set up, but usually the ways to detect port scanning are:
- how many ports are scanned in a given time (e.g. more than 5 port attempts in less than 2 minutes means a port scan),
- the types of requests (XFin, Xmas, Null, ...),
- the behaviour (sending a RST after a SYN - SYN/ACK instead of an ACK),
- ...




From: "Tarek Amr Abdullah" <tabdullah () salec com eg>
To: <focus-ids () securityfocus com>
Subject: Port/Host Scanning Techniques
Date: Wed, 25 Feb 2004 09:37:19 +0200



Hi there

Does anyone know the current techniques used in IDSs in order to detect
Host Scanning and Port Scanning? I think it is something related to
traffic / protocol anomaly. But does anyone know more details about the
implementation?

Thanks in advance
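
The three heuristics listed in the reply above (probe rate, request type, handshake behaviour), sketched as an added example that is not part of either post and not code from any IDS. The packet tuple layout, alert names, the FIN-only rule and the sample traffic are assumptions of this example; the 5-port / 2-minute threshold is the one quoted in the reply.

```python
from collections import defaultdict, deque

WINDOW_S, MAX_PORTS = 120, 5          # "more than 5 ports in less than 2 minutes"
ODD_FLAGS = {frozenset(): "null", frozenset("FPU"): "xmas",
             frozenset("F"): "fin"}   # fin-only is an assumption of this example

def detect(packets):
    """packets: time-ordered (ts, src, sport, dst, dport, flags) tuples,
    flags being a string of TCP flag letters such as "S", "SA", "FPU", ""."""
    alerts = []
    probes = defaultdict(deque)       # src -> recent (ts, dst, dport) probes
    rate_flagged = set()              # sources already reported for rate
    handshakes = {}                   # (client, cport, server, sport) -> state
    for ts, src, sport, dst, dport, flags in packets:
        f = frozenset(flags)
        # 1. Request type: flag combinations a normal client does not send.
        if f in ODD_FLAGS:
            alerts.append((ts, src, ODD_FLAGS[f] + "-scan"))
        # 2. Behaviour: SYN, SYN/ACK, then RST instead of ACK (half-open).
        if f == {"S"}:
            handshakes[(src, sport, dst, dport)] = "syn"
        elif f == {"S", "A"} and handshakes.get((dst, dport, src, sport)) == "syn":
            handshakes[(dst, dport, src, sport)] = "synack"
        elif (src, sport, dst, dport) in handshakes:
            state = handshakes.pop((src, sport, dst, dport))
            if "R" in f and state == "synack":
                alerts.append((ts, src, "half-open-scan"))
        # 3. Rate: distinct (host, port) targets probed inside the window.
        if f == {"S"} or f in ODD_FLAGS:
            q = probes[src]
            q.append((ts, dst, dport))
            while q and ts - q[0][0] >= WINDOW_S:
                q.popleft()
            targets = {(d, p) for _, d, p in q}
            if len(targets) > MAX_PORTS and src not in rate_flagged:
                rate_flagged.add(src)
                alerts.append((ts, src, "port-sweep"))
    return alerts

# Constructed sample traffic (documentation addresses), not captured data.
SAMPLE = (
    [(t, "192.0.2.10", 40000 + t, "198.51.100.5", 20 + t, "S") for t in range(6)]
    + [(10, "198.51.100.5", 22, "192.0.2.10", 40002, "SA"),  # port 22 answers
       (11, "192.0.2.10", 40002, "198.51.100.5", 22, "R"),   # RST, not ACK
       (20, "192.0.2.20", 5555, "198.51.100.5", 80, "FPU"),  # Xmas probe
       (30, "192.0.2.30", 6000, "198.51.100.5", 443, "S"),   # normal client
       (31, "198.51.100.5", 443, "192.0.2.30", 6000, "SA"),
       (32, "192.0.2.30", 6000, "198.51.100.5", 443, "A")])
```

A fixed count-per-window rule like this misses probes spaced further apart than the window, so the flag and handshake checks are evaluated per packet, independently of the rate.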

