Results 1 to 2 of 2
Hi gurus, 1st: Is possible to detect port scanning just by using utilities included in linux (netstat, iptables...), Yes there is utility called psad but I would write some scripts ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 10-04-2010 #1
- Join Date
- Jul 2009
Detect port scanning without psad - write own IDS
Is possible to detect port scanning just by using utilities included in linux (netstat, iptables...), Yes there is utility called psad but I would write some scripts for my own and learn something new
Could you point me to good tutorial for writing own Intrusion Detection System?
I am not a C++ geeg, so first thing that comes to my mind is that i will use simple BASH SCRIPT that will interact with iptables and monitor user activity, network activity etc. (but I thing that would not be good solution due to performance and capabilities, and also I am not familliar with memory in linux at all).
I was reading aboud SNORT HIDS, NIDS...
AFAIK some information can be obtainet from /proc but I have no idea which values should be monitored.
Could you please point me to some good resources It would be good if there would be some example code.
Thanks a lot
- 10-05-2010 #2
it has extensive manual page docs: check at least the man pages for tcpdump and pcap-filter.
From a security point of view, I really doubt it is very wise to program and trust on your own IDS, but I'll leave the boring preaches to another poster.