Detect port scanning without psad - write own IDS
# 1  
Old 10-04-2010

Hi gurus,

1st:
Is it possible to detect port scanning just by using utilities included in Linux (netstat, iptables...)? Yes, there is a utility called psad, but I would like to write some scripts of my own and learn something new.

2nd:
Could you point me to good tutorial for writing own Intrusion Detection System?
I am not a C++ geek, so the first thing that comes to my mind is that I will use a simple BASH SCRIPT that will interact with iptables and monitor user activity, network activity etc. (but I think that would not be a good solution due to performance and capabilities, and also I am not familiar with memory in Linux at all).
I was reading about SNORT, HIDS, NIDS...
AFAIK some information can be obtained from /proc, but I have no idea which values should be monitored.
Could you please point me to some good resources? It would be good if there were some example code.

Thanks a lot
# 2  
Old 03-11-2011
If you want to create a NIDS, at its most basic level it is collection and analysis:

a) Grab packets off the wire (e.g. tcpdump)
b) Scan the dumped data for stuff you want to search for* (e.g. ngrep - network grep)
* matching against a database of signatures of "known bad stuff" or track behavioural anomalies with a statistical model.
c) Do something, perhaps sending an alert via SMTP message or SNMP trap.

Do not underestimate the enormous amount of work involved with such a project.
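A minimal working instance of the three steps in the reply above (collect, analyse, act), added here as an example and not code from either poster: the iptables LOG target is the collector, awk is the analysis step (a crude behavioural rule: one source touching many distinct destination ports), and a shell function is the alert. The iptables rule shown in the comment, the `IPT-NEW:` log prefix, the sample log lines and the threshold of 3 are assumptions or constructed for the example; the log lines follow the field layout the kernel's LOG target produces but were not captured from a real host.

```shell
#!/bin/sh
# Added example: port-scan detection from iptables LOG output with awk.
#
# a) Collection. On the monitored host (as root) log every new inbound TCP
#    connection attempt. Assumed rule, rate-limited so a scan cannot flood
#    the log itself:
#      iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW \
#          -m limit --limit 10/s --limit-burst 50 \
#          -j LOG --log-prefix "IPT-NEW: " --log-level 4
#    The resulting lines land in the kernel log (journalctl -k, dmesg,
#    or /var/log/kern.log depending on the distribution).

# Constructed sample of such log lines (not from a real system):
# 192.0.2.10 probes six times across five distinct ports,
# 203.0.113.7 retries port 22 twice (normal client behaviour).
SAMPLE_LOG="$(cat <<'EOF'
Oct  4 10:00:01 host kernel: IPT-NEW: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40001 DPT=22 SYN
Oct  4 10:00:01 host kernel: IPT-NEW: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40002 DPT=23 SYN
Oct  4 10:00:01 host kernel: IPT-NEW: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40003 DPT=25 SYN
Oct  4 10:00:02 host kernel: IPT-NEW: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40004 DPT=80 SYN
Oct  4 10:00:02 host kernel: IPT-NEW: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40005 DPT=443 SYN
Oct  4 10:00:02 host kernel: IPT-NEW: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40006 DPT=22 SYN
Oct  4 10:00:03 host kernel: IPT-NEW: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=51000 DPT=22 SYN
Oct  4 10:00:05 host kernel: IPT-NEW: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=51001 DPT=22 SYN
EOF
)"

# b) Analysis. detect_scans <threshold> reads log lines on stdin and prints
#    "SRC count" for every source address that hit MORE than <threshold>
#    distinct destination ports. Lines without SRC= and DPT= are ignored,
#    so non-LOG kernel messages in the same stream do no harm.
detect_scans() {
  threshold="$1"
  awk -v thr="$threshold" '
    {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)      src = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      # count each (source, port) pair once, then distinct ports per source
      if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
    }
    END {
      for (s in ports) if (ports[s] > thr) print s, ports[s]
    }' | sort
}

# c) Act. Here the alert is just printed; in a deployment this is where
#    you would hand the message to logger, mail or snmptrap.
alert() {
  echo "ALERT: possible port scan from $1 ($2 distinct ports probed)"
}

# Stand-alone demonstration over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | detect_scans 3 | while read -r src n; do
  alert "$src" "$n"
done
```

To run it against live data, replace the `printf` with `journalctl -k -f` (or `tail -F /var/log/kern.log`) and run the loop per time slice, since this version counts over the whole input and never resets. That is the main limitation to keep in mind: a threshold on distinct ports per source catches a fast sweep of one host but not a scan spread thinly over hours or across many source addresses, which is exactly the kind of behavioural modelling the reply above describes and where tools such as psad invest most of their effort.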