Klaxon 1.0

Klaxon is a simple detector od scanning booted from inetd.

  Add it to your Download Basket!

 Add it to your Watch List!


Rate it!
send us
an update
GPL (GNU General Public License) 
Dough Hughes
ROOT \ System \ Monitoring
Klaxon is a simple detector od scanning booted from inetd.

Instead of actually executing anything, it returns a benign error to the caller, and syslogs the calling host, username, and name of attempted service access. It's also extremely useful for detecting portscanner attacks like those perpetrated by ISS and SATAN. Ident support (RFC931) is currently optional. klaxon is useful to watch in place of any tcp or udp service port where you would not suspect activity.

Ident is a protocol sometimes also called TAP which is based on RFC931. If the machine that the scan attempt supports this protocol (usually out of inet) you will get a username as well as the hostname of the attacking machine. NOTE: This information should be taken with a grain of salt as ident can be very easy to spoof. However, it can also be useful, so I have left it as an option in the source. The current timeout for determining if the remote machine supports ident is 3 seconds. You can adjust this in the Makefile. Both ident-full and ident-free version of the executable are built from one Makefile. Currently, it compiles out of the box on Solaris2.X, SunOS4.1.X, Digital Unix 3.2*, Linux, HPUX, AIX, and probably others.

Last updated on July 12th, 2006

#INETD BOOT SCAN #tcp scan #ports watch #ports #watcher #scan #tcp

Add your review!