FAQ: See http://www.ticm.com/kb/faq/idsfaq.html IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html HELP: Having problems.. Then email questions to ids-owner@uow.edu.au NOTE: You MUST remove this line from reply messages as it will be filtered. SPAM: DO NOT send unsolicted mail to this list. USUB: email "unsubscribe ids" to majordomo@uow.edu.au --------------------------------------------------------------------------- ~ If anyone needs the info, I have portscan detect set up to detect ~ incoming scans on ports 54(low scan), 31337(BO), and 12345(NetBus), if a ~ scan comes thru for any of these, the system catches them and emails to ~ alert. This is also displayed real-time on a v-console for active ~ viewing/testing. Not difficult to do, but it is handy. ~ Well, I've been playing with the similar things a while ago, when 31337 UDP scans were quite active. I also implemented `ping-pong' feature which caused some sort of amusing results for our bo-kiddies. I would like to have a look on your codes, if you don't mind. (while mine are at http://www.kalug.lug.net/coding look at udplstn piece and http://www.kalug.lug.net/tcplogd/ for general TCP-scans logger, if you're interested). regards ~Fyodor -- fygrave@tigerteam.net http://www.kalug.lug.net