Re: Scanning hosts connecting to a linuxbox.

[Bryan Seitz <sysadmin () host136-143 student udel edu>]

On Mon, 15 Feb 1999, Chris St. Clair wrote:

> I actually wrote a utility that does just this. Whenever a connection
> is made to my telnet port (no one should be telnetting to my box,
> all authorized users use ssh) the user is warned and then nmap
> fires off in the background, runs a scan, and logs it. I plan on
> making it freely available in the near future, but will make it 
> available to interested parties now. Send an e-mail to 
> osceola () columbus rr com if you're interested and I'll send it back
> to you.
>
> It's relatively small and featureless at this point. Basically a shell 
> script that gets invoked via a tcp_wrappers twist line in the 
> hosts.allow file.
>
> Feel free to give it a try by telneting to homunculus.dynip.com.
>
> When the official release happens I'll be sure and make a posting to 
> this group also.
>
> Have fun! nmap rocks!

Like it has been mentioned before, it is not wise to do so.
Your machine ( and network too ) can be brought down by a 
smurf-like attack from spoofed IPS.

as for the wrappers part, I use something like :

ALL except in.talkd : ALL : banners /etc/msgs/deny: spawn (/usr/sbin/tcpdlog deny.log %u@%h %a %d\:%p) &
Where tcpdlog could be anything.

[*]-----------------------------------------------------[*]
 *                  Bryan G. Seitz                       *
 *       University of Delaware Computer Science         *
 *               http://hwg.linuxos.org                  *
[*]-----------------------------------------------------[*]

"Linux is like a wigwam - no windows, no gates, apache inside!"