[Cialug] denyhosts logging LOTS of attacks
Josh More
morej at alliancetechnologies.net
Tue May 13 13:54:22 CDT 2008
nmap has a great many useful switches. :)
You can also do neat stuff with netcat.
I am sure that there are turn key systems for distributed scans, but I
just look at the number of IPs I have to work with and whip up few lines
of perl to randomly scatter ports into N files, and use those files to
feed to nmap. Everything dumps to a "results file", which is then
merged when all scans complete. It's not robust, but it IS sneaky, and
that matters more for this sort of thing.
One thing to consider: if I can do this quickly and easily, what do you
think that the organized crime rings are up to? Might want to harden
your boxes. :)
-Josh More, RHCE, CISSP, NCLP, GIAC
morej at alliancetechnologies.net
515-245-7701
>>> "Nathan Stien" <nathanism at gmail.com> 05/13/08 1:41 PM >>>
On Tue, May 13, 2008 at 1:13 PM, Josh More
<morej at alliancetechnologies.net> wrote:
> When I scan a system, I do slow scans (weeks-long)
> originating from numerous IPs across all possible ports.
Is there some turn-key solution for that, or do you just have your own
scripts?
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list