port scanners/ICMP port unreachable

John Studarus (studarus@zippy.psc.edu)
Mon, 27 Mar 1995 20:50:03 -0500 (EST)

	With the upcoming release of SATAN and the availability
of programs such as strobe by Julian Assange (proff@suburbia.apana.org.au)
I was wondering if anyone has created a sniffer that looks for
ICMP port unreachables.
	I was figuring I could sniff the packets leaving my 
network and look for ICMP port unreachables since it would be
a dead giveaway that someone was trying to light up the TCP ports
of one of our computers.
	I figure it shouldn't be too much work to write a quick program
on top of libpcap to do this.  Has someone written a package like this?
Is there a better way to watch for scans like this?  I sure don't want
to have each computer listening to all ports and logging each
connection.  /etc/inetd.conf from hell.  =)

	I got sick of watching all those introductions go by
so I figured I'd ask a question...   Raise the signal/introduction ratio.  =)

		-John



Ob Introduction:

----

John Studarus
studarus@{CMU,PSC}.EDU
Carnegie Mellon University - M.S. Student, Information Networking Institute
Pittsburgh Supercomputing Center - Network Engineer
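
An added example, not part of the original post and not code from any package it mentions: one way the check described above could work, decoding ICMP port unreachable messages and counting the distinct closed ports each remote host has hit. It assumes raw IPv4 packets as bytes with the link-layer header already stripped, as a libpcap capture on the outbound link could supply; the function names, the threshold and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_port_unreachable(pkt):
    """Return (prober, target, port) for an ICMP type 3 code 3 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or pkt[9] != 1 or frag_offset or len(pkt) < ihl + 8:
        return None                      # not the start of an ICMP message
    if pkt[ihl] != 3 or pkt[ihl + 1] != 3:
        return None                      # not destination/port unreachable
    inner = pkt[ihl + 8:]                # quoted probe: IP header + 8 bytes
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or len(inner) < inner_ihl + 4:
        return None                      # quote too short to hold the ports
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    dotted = lambda raw: ".".join(map(str, raw))
    return dotted(inner[12:16]), dotted(inner[16:20]), dport

def find_scanners(packets, threshold=3):
    """Map (prober, target) -> sorted closed ports, for pairs at/over threshold."""
    ports = defaultdict(set)
    for pkt in packets:
        hit = parse_port_unreachable(pkt)
        if hit:
            ports[hit[:2]].add(hit[2])
    return {k: sorted(v) for k, v in ports.items() if len(v) >= threshold}

# --- constructed sample traffic (documentation addresses, checksums left 0) ---
def _ip(src, dst, proto, payload):
    addr = lambda s: bytes(map(int, s.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def sample_unreachable(prober, target, port):
    probe = _ip(prober, target, 17, struct.pack("!HHHH", 40000, port, 8, 0))
    return _ip(target, prober, 1, struct.pack("!BBHI", 3, 3, 0, 0) + probe)

SAMPLE = [sample_unreachable("192.0.2.7", "198.51.100.10", p) for p in (7, 9, 13, 19)]
SAMPLE.append(sample_unreachable("192.0.2.99", "198.51.100.10", 53))  # one-off miss
SAMPLE.append(_ip("198.51.100.10", "192.0.2.7", 1, struct.pack("!BBHI", 0, 0, 0, 0)))

if __name__ == "__main__":
    for (prober, target), ports in find_scanners(SAMPLE).items():
        print(f"{prober} probed closed ports {ports} on {target}")
```

Hosts send ICMP port unreachable in reply to probes of closed UDP ports, while a closed TCP port normally answers with a TCP RST, so watching for a TCP sweep the same way means counting outbound RSTs per remote address.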