Klaxon is a simple detector od scanning booted from inetd.
Instead of actually executing anything, it returns a benign error to the caller, and syslogs the calling host, username, and name of attempted service access. It's also extremely useful for detecting portscanner attacks like those perpetrated by ISS and SATAN. Ident support (RFC931) is currently optional. klaxon is useful to watch in place of any tcp or udp service port where you would not suspect activity.
Ident is a protocol sometimes also called TAP which is based on RFC931. If the machine that the scan attempt supports this protocol (usually out of inet) you will get a username as well as the hostname of the attacking machine. NOTE: This information should be taken with a grain of salt as ident can be very easy to spoof. However, it can also be useful, so I have left it as an option in the source. The current timeout for determining if the remote machine supports ident is 3 seconds. You can adjust this in the Makefile. Both ident-full and ident-free version of the executable are built from one Makefile. Currently, it compiles out of the box on Solaris2.X, SunOS4.1.X, Digital Unix 3.2*, Linux, HPUX, AIX, and probably others.
Product's homepage
Find us on Google+
