[ale] Port Scanner Detection
Bob
bob at cavu.com
Tue Sep 21 11:39:22 EDT 1999
David Corbin <dcorbin at csol.com> wrote:
> What (free) software would you recommend to run on Linux to detect/monitor
> people that are using port-scanners to find holes in your system?
Deception Toolkit (DTK) is what you want, free, of course.
It monitors ports of services that you do not turn on, looking for people
attempting exploits. It then feeds them false data that looks like they
are communicating with the "real" server while wasting their time and getting
information about their system and alerting you.
For example, if you don't allow FTP it supplies a fake FTPD that gives them
a fake /etc/passwd. They then waste cycles cracking the passwords and then
discover that the "cracked" passwords do not work.
I have not verified that this is the "official" DTK but do enjoy it
http://www.all.net/dtk/
Bob Toxen
bob at cavu.com http://www.cavu.com
Fly-By-Day Consulting, Inc.
"The bad reputation UNIX has gotten is totally undeserved, laid on by
people who don't understand, who have not gotten in there and tried
anything." -- Jim Joyce, owner of Jim Joyce's UNIX Bookstore
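
The decoy-service idea described in the message above, as an added example that is not part of the original post and is not DTK's code: a small fake FTP responder in Python that records every command with its source address and hands out a made-up /etc/passwd. The port 2121, the decoy file contents and all function and class names are assumptions chosen for illustration.

```python
import socketserver
import time

# Constructed decoy data: the accounts and hashes are made up and match nothing real.
FAKE_PASSWD = "root:dEc0yHaSh0001:0:0:root:/root:/bin/sh\nftp:*:14:50:FTP User:/home/ftp:\n"

def decoy_reply(state, line, peer, alerts):
    """Return the fake FTP reply for one client line and record who sent what."""
    parts = line.strip().split(None, 1)
    cmd = parts[0].upper() if parts else ""
    arg = parts[1] if len(parts) > 1 else ""
    alerts.append((time.strftime("%Y-%m-%d %H:%M:%S"), peer, cmd, arg))
    if cmd == "USER":
        state["user"] = arg
        return "331 Password required for %s.\r\n" % arg
    if cmd == "PASS":
        state["authed"] = True  # accept any password so the session continues
        return "230 User %s logged in.\r\n" % state.get("user", "")
    if cmd == "RETR":
        if not state.get("authed"):
            return "530 Please login with USER and PASS.\r\n"
        if arg != "/etc/passwd":
            return "550 %s: No such file or directory.\r\n" % arg
        # Simplification: real FTP sends the file over a separate data connection.
        return "150 Opening connection.\r\n" + FAKE_PASSWD + "226 Transfer complete.\r\n"
    if cmd == "QUIT":
        return "221 Goodbye.\r\n"
    return "500 '%s': command not understood.\r\n" % cmd

class DecoyFTP(socketserver.StreamRequestHandler):
    timeout = 30  # drop idle clients instead of holding threads open
    def handle(self):
        state, peer, alerts = {}, self.client_address[0], []
        try:
            self.wfile.write(b"220 FTP server ready.\r\n")
            # readline(512) bounds the line length a client can make us buffer
            for raw in iter(lambda: self.rfile.readline(512), b""):
                reply = decoy_reply(state, raw.decode("latin-1"), peer, alerts)
                print("ALERT", *alerts[-1], flush=True)  # stand-in for syslog or mail
                self.wfile.write(reply.encode("latin-1"))
                if reply.startswith("221"):
                    break
        except OSError:
            pass  # timeout or reset: everything received is already logged

if __name__ == "__main__":
    # Port 2121 is an assumption; the real FTP port 21 needs root to bind.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2121), DecoyFTP) as srv:
        srv.serve_forever()
```

Run it only on a host where no real FTP service is offered, so that any connection to the port is by definition unsolicited and worth an alert.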