PortScan Plugin 0.0.2a

The port scan plug-in for Snort, or just portscan for short, is intended to be used in conjunction with Snort and logcheck. The tool monitors your Snort log file and runs port scans based on certain keywords.

This program requires nmap and Snort. If you want it to run automatically, you will also need logcheck. Hopefully, in the future this program will be built to run as a daemon and will no longer rely on logcheck. For now, use logcheck.

Make sure that Snort is set to log to syslog and that you know which syslog file it is logging to. The contents of the file will look like this:

Jul 6 18:34:00 thqms3 snort: IDS126/x11_Outgoing_Xterm: 212.30.119.109:6000 -> 63.80.88.42:33248
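
An added example (not part of the PortScan Plugin, and not a description of how portscan.pl works): a Python parser for the Snort syslog line format shown above that returns only strictly validated source addresses for alerts matching a keyword. It assumes keywords are case-insensitive substrings of the signature name; apart from its first line, the sample log is constructed.

```python
import ipaddress
import re

# Constructed sample log: line 1 is the example from the page, the rest are made up.
SAMPLE_LOG = """\
Jul 6 18:34:00 thqms3 snort: IDS126/x11_Outgoing_Xterm: 212.30.119.109:6000 -> 63.80.88.42:33248
Jul 6 18:35:12 thqms3 snort: EXAMPLE/constructed_Alert: 192.0.2.7:1025 -> 63.80.88.42:80
Jul 6 18:36:40 thqms3 sshd[412]: Accepted password for alice from 198.51.100.4 port 50122
Jul 6 18:37:02 thqms3 snort: IDS126/x11_Outgoing_Xterm: 212.30.119.109:6000 -> 63.80.88.42:33249
"""

# <date> <host> snort: <signature>: <src>[:<port>] -> <dst>[:<port>]
ALERT_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+(?P<host>\S+)\s+snort(?:\[\d+\])?:\s+"
    r"(?P<sig>.+?):\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not a well-formed Snort alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    try:
        # Log content is attacker-influenced: accept only real IPv4 addresses,
        # so nothing else can reach a command line built from these fields.
        src = ipaddress.IPv4Address(m["src"])
        dst = ipaddress.IPv4Address(m["dst"])
    except ValueError:
        return None
    port = lambda p: int(p) if p is not None else None  # ports are absent on e.g. ICMP alerts
    return {"host": m["host"], "signature": m["sig"],
            "src": str(src), "sport": port(m["sport"]),
            "dst": str(dst), "dport": port(m["dport"])}

def matching_sources(log_text, keywords):
    """Sorted, de-duplicated source addresses of alerts whose signature contains a keyword."""
    wanted = [k.strip().lower() for k in keywords if k.strip()]
    hits = set()
    for line in log_text.splitlines():
        alert = parse_alert(line)
        if alert and any(k in alert["signature"].lower() for k in wanted):
            hits.add(alert["src"])
    return sorted(hits)

if __name__ == "__main__":
    print(matching_sources(SAMPLE_LOG, ["xterm"]))
```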

To install, first run install.sh.

After running install.sh, you may edit the portscan.conf file in /etc/portscan and the keywords file. After making any necessary changes, you will need to add the following lines to your logcheck.sh file:

/usr/sbin/portscan.pl &
cat $TMPDIR/checkoutput.$$ > $TMPDIR/portscan.log

So your logcheck.sh file should now look like this (toward the bottom)

Last updated on: July 11th, 2006, 5:05 GMT
Price: FREE!
Homepage: sourceforge.net
License type: GPL (GNU General Public License)
Developed by: Andrew Hydle
Category: ROOT \ System \ Monitoring