Re: response to scanning of ports

If you are using LIDS for 2.6, there is no support for port scanner detector.
Only LIDS 1.2 for 2.4 or lower has this capabilities. The reason LIDS for 2.6
do not support port scanner is LIDS using the LSM framework and it do not
have the proper function hook to use to implement the port scan detector. 

huagang
On Fri, Jun 03, 2005 at 01:05:57PM +0100, Sandrine Tchomdom wrote:
> 
>  Hello, it's me again.
> 
>  After what you told me, I tried ta make a scanning of the ports of my 
> "LIDS computer". I disabled the firewall (just to see how the logs would 
> be), and typed nmap -sS -O -F -PI -PT 193.51.149.46 on another "no lids 
> computer"
> 
> Then I look at the log of the "lids computer" (/var/log/messages) and I saw 
> something like this:
> ....LIDS: nifd (...) pid....ppid...uid (0/0 NULL tty): violated 
> CAP_NET_ADMIN
> 
>  I don't understand: is it because of the scanning that I have this 
> message? if not, what kind of message should I have had in response to my 
> scan?
> 
> _________________________________________________________________
> MSN Hotmail : antivirus et antispam intégrés 
> http://www.msn.fr/newhotmail/Default.asp?Ath=f
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by Yahoo.
> Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
> Search APIs Find out how you can build Yahoo! directly into your own
> Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
> _______________________________________________
> lids-user mailing list
> lids-user <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lids-user