[ Thanks to Noel for this link. ]
“Your network is being scanned for vulnerabilities. This may
happen only once a month or twice a day; regardless, there are
people out there probing your network and systems for
weaknesses. I can say this with confidence because I have yet
to work on a network that has not been probed. My personal network
of six systems at home is on a dedicated ISDN line. This network
has no valuable data, nor represents any organization, yet I get
probed two to four times a week. If you have a system or network
connected to the Internet, you become a target. This article will
discuss how you can protect yourself by detecting these intrusion
attempts. I will then cover what you can do when you discover these
attempts.”
“There are a variety of different probes hackers will attempt.
The first type we will prepare for is one of the most common, port
scans. Port scans are where an individual attempts to connect to a
variety of different ports. The scans can be used on a specific
target, or used to scan entire IP ranges, often chosen at random.
This is one of the most popular information gathering methods used
by hackers today as it identifies what ports and services are
open.”
“To detect these scans, we will build a system that emails us
alerts whenever someone connects to a predetermined port. First, we
identify three to five of the most commonly scanned ports. Then we
select two to three systems to listen on these ports. When an
intruder scans our network, he will most likely hit our systems
listening on these ports. When these ports are scanned, the systems
log the attempt, execute various predetermined actions, then email
an alert to a point of contact.”
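
The listen, log and alert flow described in the last quoted paragraph, sketched as an added example (not code from the quoted article). The port numbers, e-mail addresses and function names are assumptions chosen for illustration; the listeners accept a connection, record where it came from, and close it without serving anything.

```python
import datetime
import selectors
import socket
from email.message import EmailMessage

# Assumed values for illustration; none of them come from the quoted article.
DECOY_PORTS = [2323, 8023, 8143]  # placeholders for the ports you choose to watch
ALERT_FROM = "portwatch@example.org"
ALERT_TO = "security-contact@example.org"

def open_listeners(ports, host="0.0.0.0"):
    """Bind a listening TCP socket on each watched port; no real service sits behind it."""
    sel = selectors.DefaultSelector()
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        s.listen(16)
        s.setblocking(False)
        sel.register(s, selectors.EVENT_READ)
    return sel

def poll_hits(sel, timeout=1.0):
    """Accept pending connections, close them at once, return one record per hit."""
    hits = []
    for key, _ in sel.select(timeout):
        try:
            conn, (src_ip, src_port) = key.fileobj.accept()
        except (BlockingIOError, ConnectionAbortedError):
            continue  # the peer reset the connection before we accepted it
        conn.close()
        when = datetime.datetime.now(datetime.timezone.utc).isoformat(timespec="seconds")
        hits.append({"time": when, "src_ip": src_ip, "src_port": src_port,
                     "dst_port": key.fileobj.getsockname()[1]})
    return hits

def build_alert(hit):
    """Turn a hit record into the e-mail for the point of contact."""
    msg = EmailMessage()
    msg["To"] = ALERT_TO
    msg["From"] = ALERT_FROM
    msg["Subject"] = f"Probe on port {hit['dst_port']} from {hit['src_ip']}"
    msg.set_content("\n".join(f"{k}: {v}" for k, v in hit.items()))
    return msg

if __name__ == "__main__":
    watch = open_listeners(DECOY_PORTS)
    while True:
        for hit in poll_hits(watch):
            print(build_alert(hit))  # log it; deliver with smtplib.SMTP(...).send_message(msg)
```

A single connection is not proof of a scan, so in practice alerts from several listening systems are worth correlating by source address before anyone is paged.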