Re: port scanners/ICMP port unreachable

Aleph One (aleph1@dfw.net)
Tue, 28 Mar 1995 22:20:27 -0600 (CST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Don Harper: "On alarms and paging..."
Previous message: Vin McLellan: "Re: Introduction (egads! not another flippin ...)"
In reply to: Brian Utterback: "Re: port scanners/ICMP port unreachable"
Next in thread: Andrew Cowell: "Re: port scanners/ICMP port unreachable"

	Well guess I'll put in my 2 cents in this topic.
I would argue that the best resoult would be obtained by
using a modified tcp wrapper as *Hobbit* did to suck
the packets comming in to well known ports *and* to log
the generation of ICMP port and host unrechable messages.
They could be doing an all port scan and scanning blindly for 
hosts with no qualified domain names.

a1
http://underground.org/

Next message: Don Harper: "On alarms and paging..."
Previous message: Vin McLellan: "Re: Introduction (egads! not another flippin ...)"
In reply to: Brian Utterback: "Re: port scanners/ICMP port unreachable"
Next in thread: Andrew Cowell: "Re: port scanners/ICMP port unreachable"