Port Scan Warning Program?

**datamike** · 03-27-2002, 04:56 PM

I am looking for a program that I can run on my RH 7.2 box that will alert me via a pager if my box is under heavy scans. I would also like it to send me e-mails but I can find a few that do that already, I really want to find one that will page me. Any links or advice greatly appr. Thanx in advance.

**gmoreno** · 03-27-2002, 05:06 PM

You can use PortSenty and you can set it to like send you an e-mail to your pager if your pager has an e-mail address. If your pager dosent have an e-mail address but just a telephone number I'm sure you can setup to page you somehow.

Meanwhile check this out.
http://www.linuxnewbie.org/nhf/intel...rtsentry1.html

**Compunuts** · 03-27-2002, 05:19 PM

I tend to stay away from these kind of stuff mostly since it's just a wast of time ( and money ).

1. How does your program can differientiate what qualified as heavy scan and normal scan??

2. If you get page for every scan your box get, then you don't need to go home. Just sit by your box 24/7.

3. If the box is under heavy scan ( like DOSs ), then your system can do no squat about it except a sitting duck and it won't page you ( have no time to get to that paging process ).

4. You will only get tons of pages only after the box is returned to normal.

5. What good it's if you know only after your box is come back online anyway??

The best approch ( IMO ) is to get a network detector for high traffic and alert you for it. gmoreno had suggested a good one.

**datamike** · 03-27-2002, 05:28 PM

Well besides the fact of Compunuts telling me I was nuts you guys helped me alot. I guess your right though Comp. I was just thinking that I could atleast find out who is scanning me so much. One other question. How do you configure a box to send back bogus info, like instead of it saying the OS and version of Apache have it say some other OS and a diff version of Apache.

**Compunuts** · 03-27-2002, 05:52 PM

Well besides the fact of Compunuts telling me I was nuts you guys helped me alot.

hehehe.... ;D

I was just thinking that I could atleast find out who is scanning me so much.

Then use logrotate and have a script send an email every x minutes of time.

How do you configure a box to send back bogus info, like instead of it saying the OS and version of Apache have it say some other OS and a diff version of Apache.

I don't know how to spoof that but you can set your Apache to only send minimal info whenever a client request info. But I forgot the exact setting for it ( since I'm not on my server box ATM and can't check ). Look around in the httpd.conf file.

<edited>
UBB tag..