Re: how to tell if HPUX is being port scanned

Rick Garland · ‎01-23-2008

Hi all:

On HPUX 11.23 and above, how can I tell if my system has been port scanned?

What tells me tusc or nmap (etc.) has been run against my system?

Tim Nelson · ‎01-23-2008

In the past I installed and had active Psionic Port Sentry ( think they got bought by Cisco ).

This would actively monitor any or all unused ports and
1) create log and email notification.
2) add entry in /etc/hosts.deny so TCPWrappers could deny any furthur access to good ports.

The are other products that do the same, but the idea is the same. Could even write your own.

Rick Garland · ‎01-25-2008

Thanks Tim:

Installing an application is one thing but I am interested in how otr what that application is doing to detect the port scan. You mentioned I could write my own, what would I be looking for?

Laurent Menase · ‎01-25-2008

SYN/RESET test makes accept() fails with ENOBUFS, in most cases, but sometimes not.

Else you can configure IPfilter to log SYN/RESET tests

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: how to tell if HPUX is being port scanned

how to tell if HPUX is being port scanned