  1. #1
    Just Joined!
    Join Date
    Jul 2009
    Posts
    70

    Detect port scanning without psad - write own IDS


    Hi gurus,

    1st:
    Is it possible to detect port scanning just by using utilities included in Linux (netstat, iptables...)? Yes, there is a utility called psad, but I would write some scripts of my own and learn something new.

    2nd:
    Could you point me to a good tutorial for writing my own Intrusion Detection System?
    I am not a C++ geek, so the first thing that comes to my mind is that I will use a simple Bash script that will interact with iptables and monitor user activity, network activity, etc. (but I think that would not be a good solution due to performance and capabilities, and also I am not familiar with memory in Linux at all).
    I was reading about SNORT HIDS, NIDS...
    AFAIK some information can be obtained from /proc, but I have no idea which values should be monitored.
    Could you please point me to some good resources? It would be good if there were some example code.

    Thanks a lot

  2. #2
    jippie (Just Joined!)
    Join Date
    May 2006
    Location
    Eindhoven, the Netherlands
    Posts
    76
    tcpdump

    It has extensive manual page docs: check at least the man pages for tcpdump and pcap-filter.

    From a security point of view, I really doubt it is very wise to program and trust your own IDS, but I'll leave the boring preaching to another poster.
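
A sketch of the tcpdump approach suggested in the reply, as an added example that is not part of either post: a pcap-filter expression keeps only bare SYN packets, and a small awk pass counts how many distinct destination ports each source touches. The function names, the interface `eth0`, the threshold and the window length are assumptions, and the sample capture is constructed.

```shell
#!/bin/sh
# detect_scans THRESHOLD WINDOW_SECONDS
# Reads `tcpdump -nn -tt` text on stdin and prints "src dst count" once a
# source has sent bare SYNs to THRESHOLD distinct ports of one destination
# inside a fixed window that starts at the first SYN seen for that pair.
# IPv4 only: lines tagged "IP6" are skipped.
detect_scans() {
    awk -v thr="$1" -v win="$2" '
    $2 == "IP" && $7 ~ /^\[S\]/ {            # [S] = SYN only; [S.] is SYN-ACK
        ts = $1 + 0
        src = $3; sub(/\.[0-9]+$/, "", src)  # drop source port
        dst = $5; sub(/:$/, "", dst)         # drop trailing colon
        port = dst; sub(/^.*\./, "", port)   # text after last dot = dest port
        sub(/\.[0-9]+$/, "", dst)            # what is left is the dest IP
        key = src " " dst
        if (!(key in start) || ts - start[key] > win) {
            start[key] = ts; count[key] = 0; gen[key]++   # new window
        }
        id = key " " gen[key] " " port
        if (!(id in seen)) {
            seen[id] = 1
            if (++count[key] == thr) print key, count[key]
        }
    }'
}

# Constructed sample capture (documentation addresses, made-up timestamps):
# one host probing ports 20-27, one ordinary client, one SYN-ACK reply.
sample_capture() {
    p=20
    while [ "$p" -le 27 ]; do
        echo "1700000000.0000$p IP 203.0.113.7.400$p > 192.0.2.10.$p: Flags [S], seq 1, win 1024, length 0"
        p=$((p + 1))
    done
    for sp in 50001 50002 50003; do
        echo "1700000001.000000 IP 198.51.100.5.$sp > 192.0.2.10.443: Flags [S], seq 1, win 64240, length 0"
    done
    echo "1700000001.000100 IP 192.0.2.10.443 > 198.51.100.5.50001: Flags [S.], seq 9, ack 2, win 65160, length 0"
}

# Offline demo on the constructed capture.
sample_capture | detect_scans 5 10

# Live use (root needed; eth0, 20 and 10 are assumed values):
#   tcpdump -l -nn -tt -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' | detect_scans 20 10
```

The `-tt` flag matters because the window arithmetic needs epoch timestamps. A scan paced slower than the window, or one that does not use bare SYNs, stays under this counter.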
