Results 1 to 2 of 2
Hi gurus,
1st:
Is possible to detect port scanning just by using utilities included in linux (netstat, iptables...), Yes there is utility called psad but I would write some scripts ...
- 10-04-2010 #1Just Joined!
- Join Date
- Jul 2009
- Posts
- 49
Detect port scanning without psad - write own IDS
Hi gurus,
1st:
Is possible to detect port scanning just by using utilities included in linux (netstat, iptables...), Yes there is utility called psad but I would write some scripts for my own and learn something new
2nd:
Could you point me to good tutorial for writing own Intrusion Detection System?
I am not a C++ geeg, so first thing that comes to my mind is that i will use simple BASH SCRIPT that will interact with iptables and monitor user activity, network activity etc. (but I thing that would not be good solution due to performance and capabilities, and also I am not familliar with memory in linux at all).
I was reading aboud SNORT HIDS, NIDS...
AFAIK some information can be obtainet from /proc but I have no idea which values should be monitored.
Could you please point me to some good resources It would be good if there would be some example code.
Thanks a lot
- 10-05-2010 #2Just Joined!
- Join Date
- May 2006
- Location
- Eindhoven, the Netherlands
- Posts
- 76
tcpdump
it has extensive manual page docs: check at least the man pages for tcpdump and pcap-filter.
From a security point of view, I really doubt it is very wise to program and trust on your own IDS, but I'll leave the boring preaches to another poster.
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts