Find the answer to your Linux question:
Results 1 to 2 of 2
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Detect port scanning without psad - write own IDS

    Hi gurus,

    Is possible to detect port scanning just by using utilities included in linux (netstat, iptables...), Yes there is utility called psad but I would write some scripts for my own and learn something new

    Could you point me to good tutorial for writing own Intrusion Detection System?
    I am not a C++ geeg, so first thing that comes to my mind is that i will use simple BASH SCRIPT that will interact with iptables and monitor user activity, network activity etc. (but I thing that would not be good solution due to performance and capabilities, and also I am not familliar with memory in linux at all).
    I was reading aboud SNORT HIDS, NIDS...
    AFAIK some information can be obtainet from /proc but I have no idea which values should be monitored.
    Could you please point me to some good resources It would be good if there would be some example code.

    Thanks a lot

  2. #2
    Just Joined! jippie's Avatar
    Join Date
    May 2006
    Eindhoven, the Netherlands

    it has extensive manual page docs: check at least the man pages for tcpdump and pcap-filter.

    From a security point of view, I really doubt it is very wise to program and trust on your own IDS, but I'll leave the boring preaches to another poster.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts