Re: sleath port scanning fix (fwd)

Alan Cox (
Wed, 10 Sep 1997 20:49:34 +0100 (BST)

> That's kind of long, don't you think... Perhaps saying "possible `stealth'
> port scanning attempt - hdr FROM %d.%d.%d.%d, port %d" is better, since
> admins clueless enough to think that sombody who would do anything that
> sounds as cool as stealth port scanning would be so stupid as to not fake

"Possible stealth port scanning possibly from IP addr a.b.c.d" - why not
just give up now and let people write smarter stateful user mode tools
to spot port sweeps