Mark Ivey wrote:
> Hi,
>
> I keep seeing comments similar to "someone port-scanned my firewall today,
> and here is who they were..." and I was wondering how you manage to get
> this information (both the fact that someone scanned you, and then the
> info on the originating system). Thanks...
>
> -Mark-
I don't use any portscanning detection but there are programs out there that
do that. I prefer to reject the packets and log them with the -l option on
the ipchains rule. thsi does have a tendency to create a bunch of messages
in the log in certain circumstances. As far as finding out who a particular
ip address belongs to read up on nslookup. I have not mastered it (getting
some of the really detailed information) but it helps. You can also run a
portscanner on the offending machine I guess to see what they have open and
what information is availible that way I guess.
Bret
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
