>>>>> "Chirag" == Chirag Kantharia <[EMAIL PROTECTED]> writes:
Chirag> On Mon, Feb 18, 2002 at 09:36:07AM +0530, Raju Mathur wrote:
Chirag> | iplog is a TCP/IP traffic logger. Currently, it is capable of logging
Chirag> | TCP, UDP and ICMP traffic. Adding support for other protocols should
Chirag> | be relatively easy.
Chirag> |
Chirag> | iplog's capabilities include the ability to detect TCP port scans, TCP
Chirag> | null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags
Chirag> | (used by scanners to detect the operating system in use), TCP SYN
Chirag> | scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment
Chirag> | attacks.
Chirag> |
Chirag> | iplog is able to run in promiscuous mode and monitor traffic to all
Chirag> | hosts on a network.

Chirag> Doesn't portsentry do the same? Are there any features in
Chirag> iplog which aren't part of portsentry?

I run both iplog and portsentry. Iplog logs /all/ packets except
those which I specifically tell it not to, while portsentry watches
sensitive ports and firewalls out machines which try to connect to
those ports. One is a logger, the other an attack-defeating package,
if you see the difference.
Regards,
-- Raju
--
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves
Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org