Re, "Noah L. Meyerhans" wrote:
> On Thu, Mar 22, 2001 at 08:31:53AM -0600, Brooks R. Robinson wrote: > > > You may also want to try iplogger. Not only will this show ALL the ports in > > use, not just the ones you select in portsentry. Also, portsentry actually > > listens on those ports it is monitoring, so if you nmap yourself for > > security leaks, you'll see a plethora of ports open, don't freak. > > IIRC iplogger was obsoleted by ippl. There were some issues with remote > DoS attacks against hosts running iplogger. Ippl took care of those and > provides a more flexible logging mechanism. Ippl is one of the very > first packages I install on any Debian box in my control. Once you've > configured it right (i.e. told it not to log normal traffic like smtp > connections) the output can be very interesting. > you even should try snort. even a nice choice for port scanning and other strange attacks against your system MfG Daniel
