Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Detect port scanning without psad - write own IDS
Special Forums Cybersecurity Detect port scanning without psad - write own IDS Post 302459342 by wakatana on Monday 4th of October 2010 12:07:18 PM
Old 10-04-2010
Detect port scanning without psad - write own IDS
Hi gurus,

1st:
Is possible to detect port scanning just by using utilities included in linux (netstat, iptables...), Yes there is utility called psad but I would write some scripts for my own and learn something new Smilie

2nd:
Could you point me to good tutorial for writing own Intrusion Detection System?
I am not a C++ geeg, so first thing that comes to my mind is that i will use simple BASH SCRIPT that will interact with iptables and monitor user activity, network activity etc. (but I thing that would not be good solution due to performance and capabilities, and also I am not familliar with memory in linux at all).
I was reading aboud SNORT HIDS, NIDS...
AFAIK some information can be obtainet from /proc but I have no idea which values should be monitored.
Could you please point me to some good resources It would be good if there would be some example code.

Thanks a lot
 

9 More Discussions You Might Find Interesting

1. Solaris

Paging without Scanning

Trying to reach a formula on Solaris 9 for calculating the Memory utilization percentage, i have encountered a lot of indicators and metrices, however i have faced a case today which confused me. How to get a Zero Scan Rate along an hour whilst the Paging activity (Pages IN & Pages Out) are not... (4 Replies)
Discussion started by: Negm
4 Replies

2. UNIX for Advanced & Expert Users

which port to write my server application?

I want to write a server application that would accept HTTP requests from client. The server would be on a machine that has no connection to the INTERNET. The clients that would be posting their HTTP requests would be doing so through webbrowser .Thus it would be sort of intranet application.... (0 Replies)
Discussion started by: rraajjiibb
0 Replies

3. Programming

how to write application for 32 com port

Dear Sir, i m going to use NP5610-16 moxa device for multiport serial communication. i m using fedora-core 6 o.s. after installation it will detect serial ports as /dev/ttyr0,/dev/ttyr1...ttyr32. there are total 32 com ports. now i want to write application which monitor all serial ports and... (6 Replies)
Discussion started by: amitpansuria
6 Replies

4. Shell Programming and Scripting

trying to write a script to loop through a port info file

Below is part of a script i have written to loop through part of a port info file. How do i continue the script to get info for OS Device Name, manufacturer and then put information into an array? HBA Port WWN: 10000000c9420b4b OS Device Name: /dev/cfg/c10 Manufacturer: Emulex... (5 Replies)
Discussion started by: rcon1
5 Replies

5. IP Networking

read/write,write/write lock with smbclient fails

Hi, We have smb client running on two of the linux boxes and smb server on another linux system. During a backup operation which uses smb, read of a file was allowed while write to the same file was going on.Also simultaneous writes to the same file were allowed.Following are the settings in the... (1 Reply)
Discussion started by: swatidas11
1 Replies

6. Shell Programming and Scripting

how to detect port open status?

I write a script which will stop an application, then restart it. Sometimes it is succesful, sometimes not. The problem is, when stop the application, some ports are still listenning (or not released). When start the application, it reports that ports are used, and can't continues. I use... (1 Reply)
Discussion started by: rdcwayx
1 Replies

7. Programming

unable to send read and write serial port

hey frns pls help me out !! i hav a code of c that i have to include in my project. i am using a device (geomeda) that has unix based OS. it also support SIM card for connecting to server . I need to send SMS to user from this device.. below code is not working .. i am unable to send sms and the... (7 Replies)
Discussion started by: yashwantkumar
7 Replies

8. Solaris

How to find port number wwn of particular port on dual port HBA,?

please find the below o/p for your reference bash-3.00# fcinfo hba-port HBA Port WWN: 21000024ff295a34 OS Device Name: /dev/cfg/c2 Manufacturer: QLogic Corp. Model: 375-3356-02 Firmware Version: 05.03.02 FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;... (3 Replies)
Discussion started by: sb200
3 Replies

9. UNIX for Beginners Questions & Answers

List of all ids,groups, privilege ids

I wish to pull out a list of all user ids on the system, including the privileged ids, the groups to which they belong to. Sometimes after deleting an id also, its home dir does not get deleted or an entry is left behind in /etc/passwd. Can someone help me with a script to achieve both. (2 Replies)
Discussion started by: ggayathri
2 Replies

LEARN ABOUT MINIX

iptables-apply

IPTABLES-APPLY(8)						  iptables 1.6.1						 IPTABLES-APPLY(8)

NAME

       iptables-apply - a safer way to update iptables remotely

SYNOPSIS

       iptables-apply [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}

DESCRIPTION

       iptables-apply  will  try  to  apply  a	new rulesfile (as output by iptables-save, read by iptables-restore) or run a command to configure
       iptables and then prompt the user whether the changes are okay. If the new iptables rules cut the existing connection, the user will not be
       able to answer affirmatively. In this case, the script rolls back to the previous working iptables rules after the timeout expires.

       Successfully applied rules can also be written to savefile and later used to roll back to this state. This can be used to implement a store
       last good configuration mechanism when experimenting with an iptables setup script:  iptables-apply  -w	/etc/network/iptables.up.rules	-c
       /etc/network/iptables.up.run

       When called as ip6tables-apply, the script will use ip6tables-save/-restore and IPv6 default values instead. Default value for rulesfile is
       '/etc/network/iptables.up.rules'.

OPTIONS

       -t seconds, --timeout seconds
	      Sets the timeout in seconds after which the script will roll back to the previous ruleset (default: 10).

       -w savefile, --write savefile
	      Specify  the  savefile  where  successfully  applied  rules  will   be   written	 to   (default	 if   empty   string   is   given:
	      /etc/network/iptables.up.rules).

       -c runcmd, --command runcmd
	      Run command runcmd to configure iptables instead of applying a rulesfile (default: /etc/network/iptables.up.run).

       -h, --help
	      Display usage information.

       -V, --version
	      Display version information.

SEE ALSO

       iptables-restore(8), iptables-save(8), iptables(8).

LEGALESE

       Original  iptables-apply  -  Copyright  2006 Martin F. Krafft <madduck@madduck.net>.  Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or
       http://gw.tnode.com/>.

       This manual page was written by Martin F. Krafft <madduck@madduck.net> and extended by GW <gw.2010@tnode.com or http://gw.tnode.com/>.

       Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2.0.

iptables 1.6.1															 IPTABLES-APPLY(8)
All times are GMT -4. The time now is 11:14 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy