Detect port scanning without psad - write own IDS
Post 302459342 by wakatana on Monday 4th of October 2010 12:07:18 PM

Hi gurus,

1st:
Is it possible to detect port scanning just by using utilities included in Linux (netstat, iptables...)? Yes, there is a utility called psad, but I would like to write some scripts of my own and learn something new.

2nd:
Could you point me to a good tutorial for writing your own Intrusion Detection System?
I am not a C++ geek, so the first thing that comes to my mind is that I will use a simple BASH SCRIPT that will interact with iptables and monitor user activity, network activity etc. (but I think that would not be a good solution due to performance and capabilities, and also I am not familiar with memory in Linux at all).
I was reading about SNORT, HIDS, NIDS...
AFAIK some information can be obtained from /proc, but I have no idea which values should be monitored.
Could you please point me to some good resources? It would be good if there were some example code.

Thanks a lot
 

PSADWATCHD(8)                 System Manager's Manual                PSADWATCHD(8)

NAME
       psadwatchd - checks to make sure kmsgsd and psad are running.

SYNOPSIS
       psadwatchd [options]

DESCRIPTION
       psadwatchd checks on an interval of every five seconds to make sure
       that kmsgsd and psad are running on the box. If either of the other
       two daemons have died, psadwatchd will restart the daemon and notify
       each email address listed in the EMAIL_ADDRESSES variable (see
       /etc/psad/psad.conf) that the daemon has been restarted. psadwatchd
       uses the psad.conf configuration file which by default is located at
       /etc/psad/psad.conf, but a different path can be specified on the
       command line.

OPTIONS
       -c <config-file>
              Specify path to config file instead of using the default
              configuration file /etc/psad/psad.conf.

       -D     Dump the configuration values that psadwatchd derives from
              /etc/psad/psad.conf (or other override files) on STDERR.

       -h     Display usage information and exit.

       -O <config-file>
              Override config variable values that are normally read from
              the /etc/psad/psad.conf file with values from the specified
              file. Multiple override config files can be given as a comma
              separated list.

SEE ALSO
       psad(8), kmsgsd(8)

AUTHOR
       Michael Rash (mbr@cipherdyne.org)

       This manual page was written by Daniel Gubser
       <daniel.gubser@gutreu.ch> for the Debian GNU/Linux system (but may
       be used by others).

DISTRIBUTION
       psad is distributed under the GNU General Public License (GPL), and
       the latest version may be downloaded from http://www.cipherdyne.org

Debian GNU/Linux                   March 2009                      PSADWATCHD(8)