Re: port scanners/ICMP port unreachable

Paul Ferguson (paul@hawksbill.sprintmrn.com)
Mon, 27 Mar 1995 22:11:56 -0500 (EST)

> 	I was figuring I could sniff the packets leaving my 
> network and look for ICMP port unreachables since it would be
> a dead giveaway that someone was trying to light up the TCP ports
> of one of our computers.
> 	I figure it shouldn't be too much work to write a quick program
> on top of libpcap to do this.  Has someone written a package like this?
> Is there a better way to watch for scans like this?  I sure don't want
> to have each computer listening to all ports and logging each
> connection.  /etc/inetd.conf from hell.  =)
>


Why not simply use a 'sane' implementation of ICMP class filtering,
such as offered in cisco IOS 10.3, to simply block specific classes
of ICMP traffic?

Great taste, Less filling.

- paul

 
_______________________________________________________________________________
Paul Ferguson                         
US Sprint                                          tel: 703.689.6828
Managed Network Engineering                   internet: paul@hawk.sprintmrn.com
Reston, Virginia  USA                             http://www.sprintmrn.com
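
The check described in the quoted question (watching outbound traffic for ICMP port unreachables), as an added example that is not part of the original thread. It parses ICMP type 3 code 3 replies, reads the prober's address, protocol and probed port from the quoted datagram header, and counts distinct ports per source. The function names, table size, threshold and sample addresses are assumptions made for illustration, and the parser expects a pointer to the IPv4 header, as a libpcap callback would have after skipping the link-layer header.

```c
#include <stdint.h>
#include <string.h>

#define MAX_SRC 64        /* assumed table size */
#define SCAN_THRESHOLD 3  /* assumed: distinct ports before a source is flagged */

struct probe { uint32_t src; uint16_t port; uint8_t proto; };
static struct { uint32_t src; uint8_t bits[8192]; int n; } seen[MAX_SRC];
static int nseen;

/* Fill *out if the IPv4 packet is ICMP type 3 code 3 (port unreachable). */
int parse_port_unreach(const uint8_t *p, size_t len, struct probe *out) {
    if (len < 20 || (p[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || p[9] != 1 || len < ihl + 8) return 0;    /* protocol 1 = ICMP */
    if (p[ihl] != 3 || p[ihl + 1] != 3) return 0;
    const uint8_t *q = p + ihl + 8;   /* quoted header of the datagram that was refused */
    size_t qlen = len - ihl - 8;
    if (qlen < 20 || (q[0] >> 4) != 4) return 0;
    size_t qihl = (size_t)(q[0] & 0x0f) * 4;
    if (qihl < 20 || qlen < qihl + 4) return 0;              /* need the quoted ports */
    out->proto = q[9];                                       /* 17 = UDP, 6 = TCP */
    out->src = (uint32_t)q[12] << 24 | (uint32_t)q[13] << 16 | (uint32_t)q[14] << 8 | q[15];
    out->port = (uint16_t)(q[qihl + 2] << 8 | q[qihl + 3]);  /* destination port */
    return 1;
}

/* Returns the source's distinct-port count when the port is new to it, else 0. */
int record_probe(const struct probe *pr) {
    int s = 0;
    while (s < nseen && seen[s].src != pr->src) s++;
    if (s == nseen && nseen == MAX_SRC) return 0;            /* table full: drop */
    if (s == nseen) seen[nseen++].src = pr->src;
    uint8_t *byte = &seen[s].bits[pr->port >> 3], bit = (uint8_t)(1u << (pr->port & 7));
    if (*byte & bit) return 0;                               /* port already counted */
    *byte |= bit;
    return ++seen[s].n;
}

/* Constructed sample: host 10.0.0.5 refusing a UDP probe from 192.0.2.7. */
size_t sample_packet(uint8_t *b, uint16_t port) {
    memset(b, 0, 56);
    b[0] = 0x45; b[9] = 1; memcpy(b + 12, "\x0a\x00\x00\x05\xc0\x00\x02\x07", 8);
    b[20] = 3; b[21] = 3; b[28] = 0x45; b[37] = 17;
    memcpy(b + 40, "\xc0\x00\x02\x07\x0a\x00\x00\x05", 8);
    b[50] = (uint8_t)(port >> 8); b[51] = (uint8_t)port;
    return 56;
}
```

A capture loop would call `parse_port_unreach` on each packet and raise an alert when `record_probe` returns `SCAN_THRESHOLD`, which happens once per source because repeated ports return 0.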