Re: Netcat probing, logs and detection

Mark_W_Loveless@smtp.bnr.com
Thu, 21 Nov 96 11:48:33 CST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Peter C. Norton: "Re: Netcat probing, logs and detection"
Previous message: Yiorgos Adamopoulos: "Re: Netcat probing, logs and detection"

     1 - Netcat has as one of its features the ability to do port scanning. 
     But it is a command line utility with dozens of features.

     2 - The logs would not provide much. There ARE several scripts that 
     come with the lastest version to automate probing and are mainly 
     intended as an example, and I suppose some lame idiot might run those, 
     but a serious undetected probe using Netcat would require some 
     adjustments.

     3 - Any ids that looks for odd repeated port connections might detect 
     it, although Netcat does allow you to randomly scan a range of ports 
     which would defeat some of those. Since it is completely adjustable, 
     you can get around any ids that 1) looks for sequential port scans 2) 
     does not look for UDP scanning which Netcat does and 3) any detection 
     based off of times between connections since you can adjust the time 
     between each connection probe.

     BTW I mainly use Internet Security Scanner for testing. Netcat is nice 
     for some quick stuff but I mainly use Netcat for some of its other 
     features. I find the UDP stuff very useful.

     Mark.Loveless@bnsf.com

[Quoted Message Deleted]

Next message: Peter C. Norton: "Re: Netcat probing, logs and detection"
Previous message: Yiorgos Adamopoulos: "Re: Netcat probing, logs and detection"