Categories
Audio
Business and productivity
Database
Education
Email
Games
Graphics
Hobbies
Interface
Internet applications
Live communications
Localization
Mathematics
Printing
Science
Security
Software development
Software libraries
System administration
Text creation and manipulation
Video
Web authoring
scanlogd
'scanlogd' is a TCP port scan detection tool which attempts to log all portscans of a host to the syslog, in a secure fashion. It was designed to illustrate various attacks an IDS developer has to deal with; thus, unlike some other port scan detection tools, 'scanlogd' is designed to be totally safe to use. The current released can be built with support for one of several packet capture interfaces. In addition to the raw socket interface on Gnu/Linux, scanlogd is now aware of libnids and libpcap.
The author discourages the use of libpcap. If you're on a system other than GNU/Linux and/or want to monitor the traffic of an entire network at once, he suggests using libnids in order to handle fragmented IP packets.
Last updated 3 Jun, 2004
About
Leadership
- Solar Designer - Maintainer
Requirements
- libnids (Weak Prerequisite)
- libpcap (Weak Prerequisite)
Related Projects
AIDE, Firestorm, Gtk-nocker, Knocker, Multiscan, Port Scan Attack Detector, SNORT, TCP Re-engineering, Tiger, Tripwire
Versions
2.2.4
2.2.4 stable released 2004-06-02
- Released: 2 Jun, 2004
- Code Maturity: Stable
- Source Archive: http://www.openwall.com/scanlogd/scanlogd-2.2.4...
- Licenses: SimplePermissiveNoNonWarranty
- Interfaces: Daemon
User Community and Support
User manpage included and available in HTML format from http://www.openwall.com/scanlogd/scanlogd.8.shtml
General Resources
Support Resources
- services at http://openwall.com