SCO UnixWare 7/OpenUNIX 8/OpenServer 6 FAQ: Networking
How do I catch someone trying to port scan my Uw7/OSR6 host?
The curious out there like to scan the ports of publicly available computers, and at times they are trying to attack your system. You can run a dummy service on an unused port that sends root some email whenever someone tries to connect to it.
   Let's call the new service we are going to create 'probe.'
   Let's have probe run on port 999, which is unused.
   Let's make a shell script that probe runs, called 'etcprobe.'
   Probe will be added with an entry in /etc/services.
   Probe will be started with an entry in /etc/inet/inetd.conf.
   Etcprobe will be stored in /usr/local/bin.

       /usr/local/bin/etcprobe
  +-------------------------------------------------------------------
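  | #!/bin/sh
  | # Run by inetd on each connection to port 999; mails root the matching
  | # netstat lines. Note: 'grep 999' also matches ports such as 9999.
  | netstat -an | grep 999 | grep ESTAB | mail -s "Probe Alert!!" root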
  |

        /etc/services
  +------------------------------
  |  ...
  |  ...
  |  probe     999/tcp
  |  ...

        /etc/inet/inetd.conf
  +----------------------------------------------------------------------
  | ...
  | probe   stream   tcp   nowait   root  /usr/local/bin/etcprobe   probe
  | 

Now apply the changes made to inetd.conf by signalling inetd with the kill command. Test that probe is working by trying to telnet to port 999. Root will get mail within a few seconds.

<Jim.Van.Verth@>
gerberb@zenez.com
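
A stricter version of the netstat filter in etcprobe, as an added example that is not part of the original FAQ answer. It matches the local port exactly and goes beyond the original by also reporting CLOSE_WAIT connections, which is the state left when the scanner has already closed its side. The function names and the sample netstat lines are constructed, and the column layout (local address, remote address, state as the last three fields) is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original FAQ answer.

# Constructed sample of `netstat -an` output (documentation addresses).
sample_netstat() {
    cat <<'EOF'
tcp   0   0  *.999               *.*                   LISTEN
tcp   0   0  192.0.2.10.999      198.51.100.7.40112    ESTABLISHED
tcp   0   0  192.0.2.10.9999     198.51.100.8.51000    ESTABLISHED
tcp   0   0  192.0.2.10.51999    203.0.113.5.999       ESTABLISHED
tcp   0   0  192.0.2.10.999      198.51.100.20.40500   CLOSE_WAIT
tcp   0   0  192.0.2.10:999      203.0.113.9:33001     ESTABLISHED
EOF
}

# Print the remote address of each connection whose LOCAL port is exactly $1.
# Assumes the last three columns are local address, remote address, state.
probe_peers() {
    awk -v port="${1:-999}" '
        NF >= 3 && $NF ~ /^(ESTAB|CLOSE_WAIT)/ {
            n = split($(NF-2), part, /[.:]/)   # port is the last piece
            if (part[n] == port) print $(NF-1)
        }'
}

# Build the mail body; inetd only runs the script after a connection, so an
# empty match means the connection was gone before netstat ran.
probe_report() {
    port=${1:-999}
    peers=$(probe_peers "$port")
    if [ -n "$peers" ]; then
        printf 'Connections to probe port %s from:\n%s\n' "$port" "$peers"
    else
        printf 'Probe port %s was hit; connection gone before netstat ran\n' "$port"
    fi
}

# Demo on the constructed sample. On a live host the pipeline would be:
#   netstat -an | probe_report 999 | mail -s "Probe Alert!!" root
sample_netstat | probe_report 999
```
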

This document is: http://www.zenez.com/cgi-bin/ou8faq/faq?file=134