Lo, on , November 28, Willy Lee did write: > "Robert" == Robert Waldner <[EMAIL PROTECTED]> writes: > > > On Tue, 28 Nov 2000 00:51:09 +0100, Svante Signell writes: > >> Anyone knows what port 12345TCP is used for and which OSes are > >> vulnerable? > > > 12345 is NetBus (according to www.snort.org), vulnerable is > > everything where NetBus runs ;-) eg WinEverything>=95 > > > <portscans> > >> Note: I am on a dial-up connection. For you with fixed network > >> access, how often do this happen, a few times a day? > > >10-15/week. > > > cheers, &rw > > How can I tell when I am being portscanned? Is there an appropriate > selection of Debian packages for this?
As someone else said, you can often see it in your system logs---IF you have your kernel configured with IP firewalling AND if you have your firewall definition set to log blocked packets. For the 2.2 kernel series, see the ipchains(8) manpage. The only dedicated software package that I know of for this sort of thing is PortSentry, at http://www.psionic.com/abacus/portsentry/ (or do a FreshMeat search), but it's only distributed as a tarball, not as a Debian package. Richard
