[2529] in bugtraq
Re: TCP SYN probe detection tool available
daemon@ATHENA.MIT.EDU (Brian Mitchell)
Wed May 15 11:41:18 1996
Date: Wed, 15 May 1996 03:25:52 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Brian Mitchell <brian@saturn.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199605142129.QAA06278@netman.eng.auburn.edu>

On Tue, 14 May 1996, Doug Hughes wrote:
> In light of the recent revival of interest in the TCP SYN probes
> that were undetected by conventional daemon means (e.g. klaxon),
> I wrote a promiscuous network monitor that runs as a packet filter
> and will catch any packet on the network that matches services
> that are given to the program as command line arguments. So far
> it runs on SunOS 4.1.X (NIT) and Solaris 2.X (DLPI). Individuals
> interested in running it on other architectures would need to
> do some porting. The DLPI code should be portable to other DLPI
> implementations. On SunOS and Solaris all you have to do is type
> Make. The README explains options, history, and implementation.
>
>
This is a good idea. I have also written a similar tool, although mine
logs all SYN packets. It uses the libpcap interface. Should compile under
Linux, FreeBSD, IRIX, SunOS, Solaris, etc. It is available at
http://www.saturn.net/~brian/files/clog-001.tar.gz (libpcap is not
included with the distribution).

Brian Mitchell brian@saturn.net
Public key available http://www.saturn.net/~brian/pubkey
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
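
An added example, not part of the original post and not code from clog or from Doug Hughes's monitor: the core check a packet-level SYN logger makes, written in C over a raw Ethernet frame instead of through libpcap. The names is_syn_probe and build_frame and the 192.0.2.7 sample address are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN 14
#define TH_SYN 0x02
#define TH_ACK 0x10

/* Returns 1 and fills src/dport when the frame is an IPv4 TCP segment with
 * SYN set and ACK clear (a connection attempt); 0 otherwise or if truncated. */
int is_syn_probe(const uint8_t *f, size_t len, uint8_t src[4], uint16_t *dport)
{
    if (len < ETH_HLEN + 20 || f[12] != 0x08 || f[13] != 0x00) return 0; /* not IPv4 */
    const uint8_t *ip = f + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;           /* IP header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < ETH_HLEN + ihl + 20) return 0;
    if (ip[9] != 6) return 0;                          /* protocol is not TCP */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return 0; /* later fragment: no TCP header */
    const uint8_t *tcp = ip + ihl;
    if ((tcp[13] & (TH_SYN | TH_ACK)) != TH_SYN) return 0; /* SYN/ACK, ACK, FIN, ... */
    memcpy(src, ip + 12, 4);
    *dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    return 1;
}

/* Constructed sample input: minimal 54-byte Ethernet + IPv4 + TCP frame, no options. */
void build_frame(uint8_t f[54], uint8_t flags, uint16_t dport)
{
    static const uint8_t src[4] = {192, 0, 2, 7};      /* documentation address */
    memset(f, 0, 54);
    f[12] = 0x08;                                      /* EtherType 0x0800 (IPv4) */
    f[14] = 0x45;                                      /* version 4, IHL 5 */
    f[23] = 6;                                         /* protocol TCP */
    memcpy(f + 26, src, 4);                            /* IP source address */
    f[36] = (uint8_t)(dport >> 8);                     /* TCP destination port */
    f[37] = (uint8_t)dport;
    f[46] = 0x50;                                      /* TCP data offset 5 */
    f[47] = flags;
}

int main(void)
{
    uint8_t f[54], src[4];
    uint16_t dport;
    build_frame(f, TH_SYN, 23);
    if (is_syn_probe(f, sizeof f, src, &dport))
        printf("SYN from %u.%u.%u.%u to port %u\n", src[0], src[1], src[2], src[3], dport);
    return 0;
}
```

Because the check runs on the wire rather than in a daemon's accept path, it records a SYN even when the handshake is never completed.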