toscin is a basic IDS system that uses packet filtering to warn against possible attacks against specified services. It basically watches the local network for SYN connections to certain services, and sends notification. Solaris 2.x possibly others.
06069c45e5ec8ef33117592147cdfc24c37a3cc99b890a120d02decafdc6d6fcModified rexec source - captures ident information upon being portscanned. Does not actually emulate services other than listening at certain tcp ports. This is reported to work under Solarix 2.x and possibly linux. Now modified to provide limited counterintelligence (ident query back to source).
b3a8fe6e4a4f2d3c04569b2ee42a59a776b312a65ecbbdc897eb249d57eeb0e2synsniff, as the name would imply, is a simple program which watches for the first part of a TCP connection (the SYN packet) and logs it. Optionally, synsniff can detect FIN (end of session) packets with no corrosponding SYN; this is useful for discovering stealth FIN scans. It is primarily a TCP connection logger but also includes some portscan detection heuristic. It logs incoming SYN and FIN packets to stdout, and also detects portscans by watching for multiple incoming connections within a short timeout (default threshold is 7 connections per second).
dc173114eacb71ab91f027e86510b06a61839e26131d6993217a507fcfdf31ea
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed