'scanlogd' is a TCP port scan detection tool which attempts to log all portscans of a host to the syslog, in a secure fashion. It was designed to illustrate various attacks an IDS developer has to deal with; thus, unlike some other port scan detection tools, 'scanlogd' is designed to be totally safe to use. The current released can be built with support for one of several packet capture interfaces. In addition to the raw socket interface on Gnu/Linux, scanlogd is now aware of libnids and libpcap. The author discourages the use of libpcap. If you're on a system other than GNU/Linux and/or want to monitor the traffic of an entire network at once, he suggests using libnids in order to handle fragmented IP packets.
DocumentationUser manpage included and available in HTML format from http://www.openwall.com/scanlogd/scanlogd.8.shtml
released on 2 June 2004
Paid supportservices at openwall.com
- Port Scan Attack Detector
- TCP Re-engineering
|License||Verified by||Verified on||Notes|
|SimplePermissiveNoNonWarranty||Janet Casey||3 June 2004|
Leaders and contributors
Resources and communication
This entry (in part or in whole) was last reviewed on 3 June 2004.