[SATLUG] help with tcpdump (grab a beer its a long post)
henry.pugsley at gmail.com
Fri Feb 26 12:15:15 CST 2010
On Thu, Feb 25, 2010 at 11:20 PM, steve kolars <bkfuth at gmail.com> wrote:
> On Wed, Feb 24, 2010 at 10:18 PM, Tweeks <tweeksjunk2 at theweeks.org> wrote:
>> Why not just use portsentry.. it detects stealth scans, such as
>> FIN, NULL, XMAS, and out-of-band packets... and is very modular in nature.
>> Unless you're doing this as a learning experince.. which I totally respect.
Or you could just use iptables by itself ..
http://bindshell.nl/netfilter/portscan-obfuscation.txt .. check the
section on Half-open scans.
More information about the SATLUG