@NitroCao
Created March 30, 2018 16:15
Another thought about detecting port scanning
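* Could port scanning be detected by monitoring traffic sent to ports that are not listening? In other words, if someone sends packets to a closed port in an attempt to establish a connection, can that be treated as a port scan?
* Initially, libpcap could be used to capture the traffic. This works when the traffic volume is fairly small; if the traffic volume is large, this approach may be very inefficient.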
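
A sketch of the idea above, added here as an example and not part of the original gist: it parses raw Ethernet/IPv4/TCP frames of the kind libpcap delivers, keeps only SYN-without-ACK packets aimed at non-listening ports, and flags a source once it has probed several distinct closed ports inside a time window. The `LISTENING` set, `THRESHOLD`, `WINDOW`, the choice to require several ports instead of a single probe, and the `make_syn` helper that builds constructed test frames in place of a live capture are all assumptions.

```python
import ipaddress
import struct
from collections import defaultdict

LISTENING = {22, 80, 443}   # assumed: ports this host actually listens on
THRESHOLD = 5               # assumed: distinct closed ports before alerting
WINDOW = 10.0               # assumed: sliding window, in seconds


def parse_syn(frame):
    """Return (src_ip, dst_port) for an IPv4 TCP SYN-only frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # too short, or not IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
    if ihl < 20 or frame[23] != 6 or len(frame) < 14 + ihl + 14:
        return None                      # bad IHL, not TCP, or truncated TCP header
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return None                      # non-first fragment carries no TCP header
    tcp = 14 + ihl
    dport = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
    if frame[tcp + 13] & 0x12 != 0x02:   # require SYN set and ACK clear
        return None
    return str(ipaddress.IPv4Address(frame[26:30])), dport


class ScanDetector:
    def __init__(self):
        self.seen = defaultdict(dict)    # src -> {closed port: last timestamp}

    def feed(self, ts, frame):
        """Return src_ip if it has hit THRESHOLD+ distinct closed ports in WINDOW."""
        hit = parse_syn(frame)
        if hit is None or hit[1] in LISTENING:
            return None                  # not a connection attempt to a closed port
        src, dport = hit
        ports = self.seen[src]
        ports[dport] = ts
        for p in [p for p, t in ports.items() if ts - t > WINDOW]:
            del ports[p]                 # expire probes older than the window
        return src if len(ports) >= THRESHOLD else None


def make_syn(src, dport, flags=0x02):
    """Build a constructed Ethernet/IPv4/TCP frame for testing (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, bytes([10, 0, 0, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp
```

With a live capture, each frame and timestamp handed back by libpcap on an Ethernet link would be passed to `ScanDetector.feed` in place of the `make_syn` output.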