
Re: Security Question



> I've been lurking in a few lists, and I keep reading about port
> scans, so I'd like to learn more about them, and how to detect/log
> them, etc.
> 
> The only thing I recognize is tripwire, and that from reading it in
> a few posts, but it appears to be available only in rpm format, and as
> source only.

As far as portscans are concerned, I use portsentry (I had the URL
somewhere... try www.psionic.com).
If you want to portscan your own machine, use nmap or write a simple
portscanner yourself. What a portscanner essentially does is check a
target host for any open ports (each port corresponds to a certain service
running, like telnetd, ftpd, httpd, echo, etc. Look in /etc/services for
more info.) From there the attacker decides which exploits to use.
So... essential to security is limiting the number of services running. Use
inetd.conf for it.

Tripwire is ok. It's primarily used for routine system checks or when you
suspect someone got in, and want to make sure that none of the vital
programs have been changed.
Use alien to convert the rpm binary into a deb binary, or just compile it
yourself.

Along with portsentry you should firewall your machine (planning on
starting on that myself today). It's in the Security HOWTO.

Andrew

---------------------------------------------------------------------------
 Andrei S. Ivanov                  
 Scorpio@hushmail.com
 c680789@showme.missouri.edu
 UIN 12402354                      
 http://scorpio.myip.org    <--All the pages bundled together.
---------------------------------------------------------------------------
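
An added example, not part of the original message: a small audit of which services inetd would start, with their ports looked up in /etc/services-style data, to support the advice above about limiting running services through inetd.conf. The sample file contents are constructed and the function names are hypothetical; it assumes the classic whitespace-separated inetd.conf layout and does not handle RPC entries.

```python
# Constructed sample inputs (not from the original message), written in the
# formats of /etc/inetd.conf and /etc/services.
SAMPLE_INETD = """\
# <service> <socktype> <proto> <flags> <user> <server_path> <args>
echo    stream  tcp     nowait  root    internal
#discard stream tcp     nowait  root    internal
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.telnetd
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  /usr/sbin/in.fingerd
ntalk   dgram   udp     wait    root    /usr/sbin/tcpd  /usr/sbin/in.ntalkd
"""
SAMPLE_SERVICES = """\
echo        7/tcp
echo        7/udp
ftp         21/tcp
telnet      23/tcp
finger      79/tcp          # constructed comment
ntalk       518/udp
"""

def parse_services(text):
    """Map (name or alias, proto) -> port from /etc/services-style text."""
    ports = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        for name in [fields[0]] + fields[2:]:
            ports.setdefault((name, proto), int(port))
    return ports

def enabled_inetd_services(inetd_text, services_text):
    """Return sorted (port, proto, service, server) for each active inetd line."""
    ports = parse_services(services_text)
    active = []
    for line in inetd_text.splitlines():
        fields = line.split()
        # Commented-out (disabled) entries and malformed lines are skipped.
        if not fields or fields[0].startswith("#") or len(fields) < 6:
            continue
        name, proto, server = fields[0], fields[2], fields[5]
        # Port is None when the service name is missing from the services data.
        active.append((ports.get((name, proto)), proto, name, server))
    return sorted(active, key=lambda e: (e[0] is None, e[0] or 0, e[1]))

if __name__ == "__main__":
    for port, proto, name, server in enabled_inetd_services(SAMPLE_INETD, SAMPLE_SERVICES):
        print(f"{port}/{proto}\t{name}\t{server}")
```

To audit a real machine, pass the contents of /etc/inetd.conf and /etc/services instead of the samples; every line it reports is a service worth commenting out unless you need it.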

