Nmap Hackers: Re: Scanning hosts connecting to a linuxbox.

Re: Scanning hosts connecting to a linuxbox.

From: Bryan Seitz <sysadmin_at_host136-143.student.udel.edu>
Date: Mon, 15 Feb 1999 21:17:04 -0500 (EST)

On Mon, 15 Feb 1999, Chris St. Clair wrote:

> I actually wrote a utility that does just this. Whenever a connection
> is made to my telnet port (no one should be telnetting to my box,
> all authorized users use ssh) the user is warned and then nmap
> fires off in the background, runs a scan, and logs it. I plan on
> making it freely available in the near future, but will make it
> available to interested parties now. Send an e-mail to
> osceola_at_columbus.rr.com if you're interested and I'll send it back
> to you.
>
> It's relatively small and featureless at this point. Basically a shell
> script that gets invoked via a tcp_wrappers twist line in the
> hosts.allow file.
>
> Feel free to give it a try by telnetting to homunculus.dynip.com.
>
> When the official release happens I'll be sure and make a posting to
> this group also.
>
> Have fun! nmap rocks!

Like it has been mentioned before, it is not wise to do so.
Your machine (and network too) can be brought down by a
smurf-like attack from spoofed IPs.

As for the wrappers part, I use something like:

ALL except in.talkd : ALL : banners /etc/msgs/deny: spawn (/usr/sbin/tcpdlog deny.log %u@%h %a %d\:%p) &
Where tcpdlog could be anything.

[*]-----------------------------------------------------[*]
 * Bryan G. Seitz *
 * University of Delaware Computer Science *
 * http://hwg.linuxos.org *
[*]-----------------------------------------------------[*]

"Linux is like a wigwam - no windows, no gates, apache inside!"
Received on Feb 15 1999
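
Added example, not part of the message above or of tcp_wrappers: one possible log-only tcpdlog for the spawn line Bryan shows. It records each attempt and caps entries per source address instead of scanning back, so spoofed connections cannot make the host generate traffic; the script body and the LOG_DIR, MAX_PER_MIN and NOW settings are assumptions.

```shell
#!/bin/sh
# Added example: a log-only, rate-limited stand-in for "tcpdlog".
# Usage (matches the spawn line): tcpdlog <logname> <%u@%h> <%a> <%d:%p>
LOG_DIR="${LOG_DIR:-/var/log/tcpd}"   # assumed log directory
MAX_PER_MIN="${MAX_PER_MIN:-5}"       # assumed cap per source address per minute

# Accept only an address-shaped %a; anything else is recorded as "invalid".
clean_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) echo invalid ;;
        *) echo "$1" ;;
    esac
}

# Ident and reverse-DNS data (%u, %h) is chosen by the remote side: keep a
# conservative character set and cap the length so it cannot forge log lines.
clean_field() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9@._:-' '_' | cut -c1-128
}

# Append one line per attempt, at most MAX_PER_MIN per source per minute.
# Returns 0 when a line was written, 1 when the source was throttled.
# No locking: the cap is best effort under concurrent connections.
log_attempt() {
    mkdir -p "$LOG_DIR" || return 2
    log="$LOG_DIR/$(clean_field "$1")"
    who=$(clean_field "$2"); addr=$(clean_addr "$3"); svc=$(clean_field "$4")
    # NOW is a hypothetical override so the throttle can be tested.
    ts=${NOW:-$(date '+%Y-%m-%dT%H:%M:%S')}
    [ -f "$log" ] || : > "$log"
    seen=$(awk -v m="${ts%:*}" -v a="$addr" \
        'index($1, m) == 1 && ($2 "") == (a "") { n++ } END { print n + 0 }' "$log")
    [ "$seen" -lt "$MAX_PER_MIN" ] || return 1
    printf '%s %s %s %s\n' "$ts" "$addr" "${who:--}" "${svc:--}" >> "$log"
}

# Invoked from hosts.allow with four arguments; sourcing the file only defines
# the functions.
if [ "$#" -eq 4 ]; then
    log_attempt "$@"
fi
```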
