My question may look strange (and even stupid to someone) but I'd like to
know if there is a program that catches outgoing portscan attempts and logs
the time and the IP of the portscanner.
Lately, I receive complaints from organizations that send me their logs
with portscan attempts with IPs from our network. The bad thing is that
these complaints come 3-4 weeks later and it's very hard to track them. A better
idea is to watch my gateway, and if there are more than 10-30 outgoing
attempts for tcp connections to a particular IP but on different ports, I
consider it a portscan.
Also, it is good to catch spoofing attempts, but I think I can do that with
ipfwadm -Oa deny
ipfwadm -Oi acc -S mynetwork/netmask
or something like that.
Has someone heard about such utility?
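
The heuristic described in the message above (many outgoing TCP attempts from one source to one destination IP on different ports), sketched as an added example that is not part of the original message. The log format "epoch-seconds src dst dport", the 60-second window, the threshold of 10 ports and all function names are assumptions made for the illustration.

```python
from collections import defaultdict, deque

def detect_scans(records, threshold=10, window=60):
    """Return [(alert_time, src_ip, dst_ip, distinct_ports)] for each
    (src, dst) pair that tries more than `threshold` distinct TCP ports
    within `window` seconds. Each pair is reported once."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, dport)
    reported = set()
    alerts = []
    for line in records:
        fields = line.split()
        if len(fields) != 4:
            continue              # skip malformed lines
        ts, src, dst, dport = int(fields[0]), fields[1], fields[2], int(fields[3])
        key = (src, dst)
        q = recent[key]
        q.append((ts, dport))
        # drop attempts that fell out of the time window
        while q and q[0][0] < ts - window:
            q.popleft()
        ports = {p for _, p in q}
        # many connections to ONE port are normal; many PORTS are not
        if len(ports) > threshold and key not in reported:
            reported.add(key)
            alerts.append((ts, src, dst, len(ports)))
    return alerts

def sample_log():
    """Constructed sample data (assumed format: 'epoch src dst dport')."""
    lines = []
    # 10.1.1.7 tries ports 1..15 on 192.0.2.50, one per second
    for i in range(15):
        lines.append(f"{1000 + i} 10.1.1.7 192.0.2.50 {i + 1}")
    # 10.1.1.8 opens 20 connections, all to port 80 (not a scan)
    for i in range(20):
        lines.append(f"{1000 + i} 10.1.1.8 192.0.2.50 80")
    # 10.1.1.9 touches 12 ports, but five minutes apart (outside the window)
    for i in range(12):
        lines.append(f"{1000 + i * 300} 10.1.1.9 192.0.2.60 {i + 20}")
    return sorted(lines, key=lambda l: int(l.split()[0]))

if __name__ == "__main__":
    for ts, src, dst, n in detect_scans(sample_log()):
        print(f"t={ts} possible portscan from {src} to {dst}: {n} ports")
```

A slow scan, such as the third host in the sample, stays under a fixed window, so the window and threshold have to be tuned against what the gateway normally sees.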