Post by drone on Apr 13, 2012 11:53:59 GMT -5
I'm currently developing a port scan detection module; current feature set includes TCP SYN/FIN/ACK/XMAS and UDP scan detection. Planned features are:
- Cloaked mode; when a port scan is detected, the module will begin responding with fake ACKs, that is, the port scanner will falsely detect that the port is open. This hides valid ports amongst a sea of false positives.
- Port knocking mechanism (see: www.portknocking.org/)
- Compulsory response; this will allow you to set up a watcher on only particular ports that aren't or shouldn't be normally used.
Any other suggestions/tweaks are welcome.
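
Added example, not part of the original post and not the module's own code: one way the flag-based scan classification and the watched-port idea described above could fit together. The class name, thresholds, addresses and sample packets are all assumptions made for illustration.

```python
from collections import defaultdict, deque

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20  # TCP flag bits

def probe_type(proto, flags=0):
    """Label a packet by the scan technique its TCP flags suggest."""
    if proto == "udp":
        return "UDP"
    exact = {SYN: "SYN", FIN: "FIN", ACK: "ACK", FIN | PSH | URG: "XMAS"}
    return exact.get(flags & 0x3F)  # None for any other combination

class ScanDetector:
    """Hypothetical detector; assumes callers pass only packets outside established flows."""
    def __init__(self, port_threshold=5, window=10.0, watched_ports=()):
        self.port_threshold = port_threshold   # distinct ports before alerting
        self.window = window                   # seconds of history kept
        self.watched = set(watched_ports)      # ports that should never see traffic
        self.seen = defaultdict(deque)         # (src, kind) -> (ts, dport) history

    def observe(self, ts, src, proto, dport, flags=0):
        """Return (src, kind, reason) when a packet trips a rule, else None."""
        kind = probe_type(proto, flags)
        if kind is None:
            return None
        if dport in self.watched:
            return (src, kind, "watched-port")
        q = self.seen[(src, kind)]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:   # drop entries older than the window
            q.popleft()
        if len({port for _, port in q}) >= self.port_threshold:
            return (src, kind, "port-sweep")
        return None

# Constructed sample traffic: (timestamp, source, protocol, dest port, TCP flags)
SAMPLE = (
    [(0.1 * i, "198.51.100.7", "tcp", 20 + i, FIN | PSH | URG) for i in range(5)]
    + [(1.0, "203.0.113.9", "tcp", 443, SYN),      # one SYN to one port: normal
       (2.0, "203.0.113.9", "udp", 31337, 0)]      # touches a watched port
)

def run_sample():
    det = ScanDetector(port_threshold=5, window=10.0, watched_ports=[31337])
    alerts = [det.observe(*pkt) for pkt in SAMPLE]
    return [a for a in alerts if a]
```

A single SYN to one port never alerts on its own; only the distinct-port count within the window or a hit on a watched port does.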