Networking :: Detect Port Scanning Without Psad - Write Own IDS

Oct 4, 2010

Is it possible to detect port scanning just by using utilities included in Linux (netstat, iptables...)? Yes, there is a utility called psad, but I would write some scripts of my own and learn something new.

I am not a C++ geek, so the first thing that comes to my mind is that I will use a simple Bash script that will interact with iptables and monitor user activity, network activity etc. (but I think that would not be a good solution due to performance and capabilities, and also I am not familiar with memory in Linux at all). I was reading about SNORT HIDS, NIDS... AFAIK some information can be obtained from /proc but I have no idea which values should be monitored.


Programming :: Detect Port Scanning Without Psad - Write Own IDS

Oct 4, 2010

Is it possible to detect port scanning just by using utilities included in Linux (netstat, iptables...)? Yes, there is a utility called psad, but I would write some scripts of my own and learn something new.

Writing own Intrusion Detection System? I am not a C++ geek, so the first thing that comes to my mind is that I will use a simple Bash script that will interact with iptables and monitor user activity, network activity etc. (but I think that would not be a good solution due to performance and capabilities, and also I am not familiar with memory in Linux at all). I was reading about SNORT HIDS, NIDS... AFAIK some information can be obtained from /proc but I have no idea which values should be monitored.


Ubuntu Networking :: Automatic Port Scanning?

Aug 5, 2011

I'm running 10.04 LTS Desktop and I'm wondering if there are any default packages that are automatically scanning for hosts. I'm on a university network and they're really touchy about any computers scanning ports/hosts and they keep disabling my computer. I'm just wondering if there's anything like that installed by default - maybe some of the zeroconf stuff?


Networking :: Can Nmap Detect Port-sharing

Sep 28, 2010

Since I no longer have access to a spare machine to actually test this out on, I was hoping some kind soul might know the answer, or be willing to try it out for me. I'm trying to find out if the port scanner nmap can detect two different services which are sharing a single port. For instance, if I'd managed to set up, I dunno, a web server and an ftp server to both run over the same port, would nmap with version detection be able to detect both of them, or just one?


Security :: Block Port Scanning Attempts?

Nov 18, 2010

I run SSH on a publicly open server and see the following attempts in /var/log/auth.log, which I was told by someone could be port scanning attempts. (Not sure though.)

Code:
Nov 18 23:50:19 server sshd[21716]: Did not receive identification string from 186.0.80.197
Nov 19 00:05:57 server sshd[24056]: Did not receive identification string from 85.108.110.66

How can I block attempts such as the above?


Ubuntu Security :: Odd Port Scanning Results - 646 - Dropping Packets

Jun 6, 2010

I was testing the security of my Ubuntu 10.04 64bit install by running a port scan from [URL] and I came upon some odd results. It appears that basically all my ports are closed, but only Port 646 is dropping packets silently. Furthermore, Port 80 is open.


General :: Port Scanning Attack Displayed At Interactive Firewall

May 17, 2011

Got 3 computers connected by ethernet to a router modem. At this router modem only port 80 is forwarded to a web server (one of the 3 computers). Now I have noticed several times a port scanning attack displayed at the interactive firewall of the web server (Apache on Mandriva Linux). Actually the message is "port scanning attempt of heanet" (actually these names are mostly different). I wonder how to figure out: is this port scanning attack possible through port 80, or is the modem router (Draytek VIGOR) misconfigured or compromised, or is one of the other 2 machines (Windows) compromised and attacking the server inside the intranet?


Networking :: Serial Port : Not Able To Write Big Chunk Of Data?

Mar 10, 2010

I am trying to send text data from one PC to another using a serial cable. One of the PCs is running Linux and I am sending data from it using the write(2) system call. The log size is approx 65K bytes but the write(2) system call returns some 4K bytes (i.e. this much data is getting transferred). I tried breaking the data in chunks of 4K but write(2) returns -1. My question is: "Is there any buffer limit for writing data on a serial port, or can I send data of any size? Also, do I need to continuously read data from the other PC as I write each 4K chunk of data?" Do I need to do any special configuration in the termios structure for sending (huge) data?


Fedora Networking :: Port Redirect, I.e. Whatever Comes Through Whatever Interface On Port AAAA Will Get Redirected To Port BBBB?

Feb 18, 2010

I want to do a simple port redirect, i.e. whatever comes through whatever interface on port AAAA will get redirected to port BBBB. I thought that

iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBB

however it doesn't work, e.g. nc -v -w2 -z localhost AAAA gives:

nc: connect to localhost port AAAA (tcp) failed: Connection refused
while
nc -v -w2 -z localhost BBBB

[code]....


Programming :: Detect If A File Is Used In Write Mode?

Apr 14, 2011

I have to read files from a Linux server. When I copy a file I receive just a portion of the file I expected if the process generating this file is still writing it.

I read the file from a Java application using SSH/SFTP. How can I detect if the file is still used by the writing process?


Programming :: Write A Program In C To Detect The Ethernet Cable?

Mar 11, 2009

write a C program to detect whether the Ethernet cable is plugged or unplugged. I found out that using the command "nm-tool" in a Linux terminal will show me whether an Ethernet cable is plugged in or not. If the Ethernet cable is plugged in, in the device part of eth0, the Hardware Link of Wired Settings will indicate "yes", and "no" if there is no Ethernet cable. Hence, in my previous code, I use one function called popen to read the state as shown below:

PHP Code:

[code]....

However, now my project wishes not to use NetworkManager (where the "nm-tool" command comes from), and this gives me trouble detecting the Ethernet cable. So is there any other method for me to detect the Ethernet cable in C programming?


Programming :: Write A Script That Will Detect All The Unwanted Files In A Particular Directory

Apr 1, 2011

I want to write a script that will detect all the unwanted files in a particular directory and delete them in one fly..


Programming :: Write To A Port Through QTcpSocket?

Jan 19, 2011

QUdpSocket does have a writeDatagram() method which takes port number and IP address as an argument.

There is no such thing in QTcpSocket.

But there is the QIODevice class. Can that be used instead? I can't make out anything from the documentation here: [URL]


Ubuntu Networking :: Aircrack-ng Does Not Find Any APs While Scanning

Dec 31, 2010

I've just bought a GEETEK Hercules USB Wlan adapter, which has the Ralink rt3072 chipset. The Connection manager can find wireless APs, but it won't connect to any of those. Also, aircrack-ng does not find any APs while scanning. After some tinkering and a lot of restarting, I can now connect to wireless networks, although slowly. However, I still can't use it with aircrack-ng.


Ubuntu Networking :: UI Tools For WIFI Scanning

Mar 30, 2011

As a frequent traveler, I spend most of my time in hotels these months. My laptop is Ubuntu Maverick. Are there any UI tools for wifi scanning and auto-connection in Ubuntu? I have tried wifiradar. Although it could scan out the wifi SSID, wifiradar could not connect to the wifi.


Ubuntu :: Serial Port Read, Write After DTR Toggle In C++?

Mar 31, 2011

I need to read and write to a serial device. When I connect via gtkterm, I need to toggle DTR before I can communicate with the device. My problem is that I cannot emulate this in C++.

I want to write some code that can set up a COM port, toggle the DTR, then read and write strings to the port. However all my attempts have been fruitless. My serial settings are B9600, no parity, no hardware control, 8 bit characters and 1 stop bit:

Code:
#include <iostream>
#include <SerialStream.h>
#include <sys/ioctl.h>
#include <fcntl.h>
using namespace LibSerial;

[Code]...


General :: Serial Port Configuration - Write Or Read

Dec 1, 2010

I have a minilinux that I have been working on. The problem now is that the serial ports don't seem to work (I have 4 serial ports). They don't write or read.

I run the command setserial g /dev/ttySx and it says that the IRQs are 3 or 4 (3 for ttyS0 and ttyS2, 4 for ttyS1 and ttyS4)... but when I run the command dmesg | grep ttyS the IRQs are 0 for ALL my serial ports... Could this be the reason why my serial ports aren't working right? And if it is, how can I solve the problem?


Programming :: Read Data After Write On Serial Port?

Mar 8, 2011

I'm currently developing a C program to drive a Telit GM862-GPS module using the serial port of an embedded board (SBC9261). The communication with the module is based on AT commands: I just send my command to the module, through the RS232 line, and the module answers immediately. Here's an example with a basic command returning the GPS's acquired position, sent with Minicom:

Code:
AT$GPSACP
$GPSACP: 104323.000,4x45.6171N,00x38.6219E,0.8,446.5,3,272.14,0.21,0.11,080311,09

[code]...


Ubuntu Networking :: Wicd Disconnects Wifi When Scanning?

Oct 29, 2010

I have an HP Compaq 6720s laptop, dual boot Vista/Ubuntu Lucid. My wireless card is an Intel Corporation PRO/Wireless 3945ABG [Golan] Network Connection (rev 02), controlled by wicd 1.7.0 (GNOME network manager connects/disconnects the net continuously). The problem is, any time I do a scan with wicd or from the command line to see the wifi nets around, my wireless is disconnected, then it connects again because it is set to automatic reconnection.


Ubuntu Networking :: Scanning Over Lpd-network And A RX500 Multifunction Device?

May 3, 2011

I have made an EPSON RX500 multifunction device (printer/scanner) available over my router with the lpd protocol. Both PCs (Ubuntu 10.04 laptop wireless, 8.10 desktop wired) connected to it can print, but not scan, since XSANE does not recognize the scanner over the network. It does however do both, scanning and printing, if connected with a USB cable. How can I configure xsane to recognize my RX500 over the network?


Ubuntu Networking :: 11.04 Bluetooth Scanning Endlessly And Not Finding Phone?

Sep 1, 2011

I actually have two problems: I couldn't get DUN to work with Ubuntu for a while and then one day it just magically worked and would let me find the device and connect to it. And then it broke again. So in my effort to fix the problem it looks like Bluetooth went completely off the rails. When I try to add a Bluetooth device through the manager it just keeps spinning with "Searching for Devices" but the spinning finds nothing (it would run for an eternity if I let it, it seems). hcitool scan reports "Scanning ..." and then drops back to command prompt. hciconfig notes the device is up. The device has no soft/hard locks on it. If anyone has a CLUE about what it could be.

Obvious note: My phone is in bluetooth mode and discoverable so that isn't the problem.

If I make the computer visible, my phone DOES NOT pick up it's there. Also, bluetooth works fine on the Fedora USB stick.


Networking :: C Source Code For Scanning A Shared Directory Of A Host

Mar 31, 2011

c source code for scanning a shared directory of a host ?


Programming :: Write Data To Text File Which Is Coming On Serial Port Infinitely?

Aug 5, 2010

Trying to read a serial COM port and want to write the received data to a file. Now it's writing only one sentence, but I want to write the full file which is coming on the serial port, as I'm sending the file from HyperTerminal and reading on a Linux PC. If I put in a while loop it's not writing anything; without the while loop it's writing only one line, and if I send a big file then the application terminates and then writes to the file. But I need to write any size which is coming on the serial port. Finally, I want to write the full file which is coming from HyperTerminal; after writing the file it has to wait for the next data. This is my code:

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

[code]...


Ubuntu Networking :: Error - Remote Port Forwarding Failed For Listen Port 5500

Aug 7, 2010

When I use the following command:

ssh user@ssh_server -L 5500:localhost:5500 -p 22

everything works fine. I can log in, and local port forwarding is done. Otherwise when I use the command:

ssh user@ssh_server -R 5500:localhost:5500 -p 22

I get an error "remote port forwarding failed for listen port 5500". However when I try remote port forwarding in WinXP by use of putty there is no problem...


Networking :: Use Iptables In Order To Forward All The Incoming Packets For Port 5555 To Port 5556?

Apr 4, 2011

I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).

I wrote the following commands:

iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT


Networking :: Iptables Can't Port Forward (PAT Port Address Translation)?

Feb 20, 2010

I'm using a Debian server as router/firewall. I have two ethernet interfaces in the server, one for WAN and one for LAN. I use SNAT so my LAN clients can access the internet through the Debian router. That is working... Now I want to be able to access servers on the LAN side from the WAN side, and I wanna use port address translation (PAT). I have an FTP server running on a LAN server, so I'm trying to port forward port 21.

iptables -t nat -A PREROUTING -p tcp -i eth1 -d (WANIP) --dport 21 -j DNAT --to 192.168.1.2:21

When people try to access my FTP from the WAN side, they are redirected to the local FTP server, and they are prompted for credentials, but when the credentials are typed, and the local FTP server should answer the WAN request, the connection dies.

The WAN clients are being prompted for credentials, so they are redirected to the local LAN server, but after that the connection dies, so I think there is some kind of NAT problem when the local LAN server is trying to respond to the WAN request.

Here is my iptables script:

#flush table
iptables -F
#input rules

[code]....


Networking :: MULTICAST Address And Port - Socket Listen Only On Port?

Feb 12, 2009

I am making an application on GNU/Linux which listens on a MULTICAST stream, so I open my unconnected socket, bind it on a MULTICAST address and a port, join the multicast group with "setsockopt (IP_ADD_MEMBERSHIP)", then I receive datagrams on my socket.

Now I've two different instances of the same application that run with their own MULTICAST address and port. And what I found strange is that, after a misconfiguration, I switch the ports, for example:

Emitting on 225.0.0.1/23451 and 225.0.0.2/23452
Receiving on 225.0.0.1/23452 and 225.0.0.2/23451

And my receiving part doesn't care about the MULTICAST address; it looks like the socket is listening on the port number only! I mean that the receiver [225.0.0.1/23452] takes its datagrams from emitter [225.0.0.2/23452] and vice versa!


Ubuntu Networking :: Iwconfig/iwlist - No Wireless Extensions And Interface Doesn't Support Scanning?

Mar 11, 2010

The adapter I purchased (Zonet ZEW2508 ) uses the Ralink 2070 chipset - a fact that originally excited me because Ralink seems to be fairly loving to the Linux community. However, despite my best efforts I can't get the thing to work. Initially I tried following directions to set up the driver you can download from the Ralink website. The directions I found were written February first, and Ralink updated the driver February eighth - so as far as I can tell the directions no longer work. After screwing around trying to figure that out for a while I decided to give ndiswrapper a go.

Initially this seemed promising. I just harvested the drivers from the CD and followed one of the many ndiswrapper directions available - most helpful seemed initially to be the Ndiswrapper Troubleshooting Guide found in this forum, however the solutions offered there didn't work either. When I throw an ndiswrapper -l into the terminal it looks promising at first, it tells me the driver is installed and the device is present, but it just doesn't work. When I try iwconfig, or iwlist scan it tells me "no wireless extensions," and "interface doesn't support scanning" respectively. The only devices even listed are lo, eth0, and pan0. There's no wlan0 or anything of the sort.


CentOS 5 Networking :: Check If Clamav Is Scanning HTTP Traffic Squid Proxy Server?

May 21, 2011

I'm trying to set up a CentOS 5.6 Squid proxy server with content filtering and antivirus scanning of incoming HTTP traffic from the Internet.

I then proceeded to set up and configure the proxy server. I was able to test and confirm that Squid and the Dansguardian content filter are working, however I don't know if ClamAV is scanning HTTP traffic before it hits the client/server. Is there a way I can check if the antivirus scanning is working? Is there some log file or real-world test I can do to confirm that ClamAV is scanning incoming traffic or even blocking potential viruses?

Can anyone who has a Squid proxy server with ClamAV configured and working share their settings/setup with me and how they tested it?


Ubuntu Networking :: Port Forwarding Through A Specific Port?

Jul 14, 2011

I want to set my IP as static and port forward it through a specific port. Can anyone help me with this? I'm using Ubuntu 10 with a 64-bit OS.








Copyrights 2005-15 www.BigResource.com, All rights reserved