from the secret journal of An Thi-Nguyen Le ([EMAIL PROTECTED]): > There's Psionic's logcheck, which is in both potato and woody. The > one, the original. Goes well with portsentry (only in woody, can do > a source compile on potato though). >
not exactly -- portsentry depends on net-tools. i tried installing it with --force-depends, and while the daemon starts, it doesn't detect stealth scans. and just to make things interesting, a vanilla open scan results in two log records for each port i hit. i shudder to think what would happen to a busy site not using a loghost. is it supposed to behave this way? -- Jacob Kuntz underworld.net/~jake [EMAIL PROTECTED]
