[SATLUG] help with tcpdump (grab a beer it's a long post)

Henry Pugsley henry.pugsley at gmail.com
Fri Feb 26 12:15:15 CST 2010


On Thu, Feb 25, 2010 at 11:20 PM, steve kolars <bkfuth at gmail.com> wrote:
> On Wed, Feb 24, 2010 at 10:18 PM, Tweeks <tweeksjunk2 at theweeks.org> wrote:
>
>>
>> Why not just use portsentry.. it detects stealth scans, such as SYN/half-open,
>> FIN, NULL, XMAS, and out-of-band packets... and is very modular in nature.
>>
>> Unless you're doing this as a learning experience.. which I totally respect. ;)
>>
>
> Bingo!
>
> Steve
>
>>
>> Tweeks

Or you could just use iptables by itself ..
http://bindshell.nl/netfilter/portscan-obfuscation.txt .. check the
section on Half-open scans.

-Henry

