Re: TCP SYN probe detection tool available

Brian Mitchell (brian@saturn.net)
Wed, 15 May 1996 03:25:52 -0400

On Tue, 14 May 1996, Doug Hughes wrote:

> In light of the recent revival of interest in the TCP SYN probes
> that were undetected by conventional daemon means (e.g. klaxon),
> I wrote a promiscuous network monitor that runs as a packet filter
> and will catch any packet on the network that matches services
> that are given to the program as command line arguments. So far
> it runs on SunOS 4.1.X (NIT) and Solaris 2.X (DLPI). Individuals
> interested in running it on other architectures would need to
> do some porting. The DLPI code should be portable to other DLPI
> implementations. On SunOS and Solaris all you have to do is type
> Make. The README explains options, history, and implementation.
>
>

This is a good idea. I have also written a similar tool, although mine
logs all SYN packets. It uses the libpcap interface. It should compile
under Linux, FreeBSD, IRIX, SunOS, Solaris, etc. It is available at
http://www.saturn.net/~brian/files/clog-001.tar.gz (libpcap is not
included with the distribution).

Brian Mitchell                  brian@saturn.net
Public key available            http://www.saturn.net/~brian/pubkey

"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
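
The per-packet check that both kinds of monitor in this thread depend on, as an added example that is not code from clog or from Doug Hughes's tool: it classifies one captured Ethernet frame as a connection-opening SYN (SYN set, ACK clear) and applies either an optional watch list of ports or, with an empty list, logs every SYN. The function names, the sample ports 23 and 513, and the frame built by make_frame are assumptions constructed for illustration; in a real monitor the frame bytes would come from the capture interface (libpcap, NIT or DLPI).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 = SYN without ACK (connection-opening probe), 0 = anything else,
 * -1 = truncated or malformed. On 1, *dport receives the destination port. */
int classify_syn(const uint8_t *f, size_t len, uint16_t *dport)
{
    if (len < 14 + 20) return -1;                      /* Ethernet + minimal IPv4 */
    if (f[12] != 0x08 || f[13] != 0x00) return 0;      /* EtherType is not IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;           /* IPv4 header length */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;
    if (ip[9] != 6) return 0;                          /* protocol is not TCP */
    if ((ip[6] & 0x1f) || ip[7]) return 0;             /* later fragment: no TCP header */
    if (len < 14 + ihl + 14) return -1;                /* need bytes up to the flags */
    const uint8_t *tcp = ip + ihl;
    if ((tcp[13] & 0x12) != 0x02) return 0;            /* want SYN set, ACK clear */
    *dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    return 1;
}

/* With an empty watch list every SYN is logged; otherwise only SYNs to listed ports. */
int should_log(const uint8_t *f, size_t len, const uint16_t *watch, size_t n)
{
    uint16_t dport;
    if (classify_syn(f, len, &dport) != 1) return 0;
    if (n == 0) return 1;
    for (size_t i = 0; i < n; i++)
        if (watch[i] == dport) return 1;
    return 0;
}

/* Constructed sample input: a 54-byte Ethernet/IPv4/TCP frame, addresses zeroed. */
size_t make_frame(uint8_t *buf, uint8_t tcp_flags, uint16_t dport)
{
    memset(buf, 0, 54);
    buf[12] = 0x08; buf[14] = 0x45; buf[23] = 6;       /* IPv4, IHL 5, TCP */
    buf[14 + 20 + 2] = (uint8_t)(dport >> 8); buf[14 + 20 + 3] = (uint8_t)dport;
    buf[14 + 20 + 13] = tcp_flags;
    return 54;
}

int main(void)
{
    uint8_t f[54]; uint16_t watch[] = { 23, 513 };     /* assumed watch list */
    printf("bare SYN to 23: %d\n", should_log(f, make_frame(f, 0x02, 23), watch, 2));
    printf("SYN+ACK to 23:  %d\n", should_log(f, make_frame(f, 0x12, 23), watch, 2));
}
```

Because the test is on the packet itself rather than on a completed accept(), a SYN that is never followed by the rest of the handshake is still recorded.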