Scanning hosts connecting to a linuxbox.

["Mike A. Harris" <mharris () ican net>]

I am connected via dialup PPP to the net, and I run a simple
firewall.  Normally, there is no need whatsoever for someone to
be connecting to any services running on my machine.  Most of the
time the machine has no visible external service running anyways,
thanks to the firewall, and tcpwrappers, however occasionally I
run ssh/telnet/ftp/http for someone, or for remote access to my
machine.

Due to people portscanning my ISP, I've found many scan attempts
and breakin attempts on my box - none successful of course, but I
like to be paranoid about security so...

I would like to somehow have nmap run a scan of my choosing on
any hosts attempting a connect to any of my ports, either via
tcpwrappers, or the firewall.

Can someone either explain how to do this, or point me to the
proper documentation/manuals, etc..  I've got an idea allready
how to do it with tcpwrappers, but I draw a blank on doing it
with the firewalled ports.

I'd like to have nmap log the remote OS, and do
finger/smtp/ident/etc... scans on the remote machine.

I am fairly familiar with nmap itself, so I can figure out that
part, but how do I get the services to auto call nmap with the
remote machines IP?

Admittedly, I haven't searched for any docs on my system that
might explain this allready...  Feel free to point me to them or
an FAQ however.

Thanks in advance, TTYL



--
Mike A. Harris                   Linux advocate      GNU advocate
Computer Consultant                          Open Source advocate  

News for nerds, stuff that matters:           http://slashdot.org