Equivalent of portsentry for Windows? (port scan detection)


Blauch Armand

Jul 12, 2011, 9:15:39 AM
to ossec-list
Hello,
I'm looking for an equivalent of portsentry for Windows machines (w2003
and w2008). I'm looking for something that first detects port scans and
then logs to an output file that is easy for ossec to read.
I'm trying some configuration tests with Windows Firewall, but it
doesn't work at this time.
Maybe somebody already knows a solution?

Blauch Armand

Jul 21, 2011, 7:53:20 AM
to ossec-list
Hello,

If somebody is interested, I've tried so many tools, without success,
except one, Symantec EndPoint Protection.
At this point in my tests, it's possible to activate the firewall and
deactivate the active response.
SEP logs all my port scans, without blocking them. It's all I wanted.
I've seen there are some logs in
C:\Program data\symantec\SEP\..\Data\Logs\seclog.log
I haven't written any rules or decoders for these logs, but I'm working
on it.


On 12 Jul, 15:15, Blauch Armand <amab...@gmail.com> wrote:
> Hello,
> I'm looking for an equivalent of portsentry for windows machine (w2003
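
An added example, not part of the thread and not OSSEC or Symantec code: one way to get log-only port scan detection from the Windows Firewall drop log (pfirewall.log), the source the first post was experimenting with, by flagging any source whose dropped packets reach several distinct ports within a short window and writing one flat line per scan that an OSSEC decoder could match. The alert line format, the thresholds and the sample entries (documentation address ranges) are assumptions constructed for illustration; the SEP seclog.log format is not shown in the thread, so it is not parsed here.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the Windows Firewall log layout; not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-07-21 07:50:01 DROP TCP 192.0.2.66 198.51.100.10 40001 21 60 S 1 0 8192 - - - RECEIVE
2011-07-21 07:50:01 DROP TCP 192.0.2.66 198.51.100.10 40002 22 60 S 1 0 8192 - - - RECEIVE
2011-07-21 07:50:02 DROP TCP 192.0.2.66 198.51.100.10 40003 23 60 S 1 0 8192 - - - RECEIVE
2011-07-21 07:50:02 ALLOW TCP 192.0.2.20 198.51.100.10 50100 80 60 S 1 0 8192 - - - RECEIVE
2011-07-21 07:50:03 DROP TCP 192.0.2.66 198.51.100.10 40004 25 60 S 1 0 8192 - - - RECEIVE
2011-07-21 07:50:03 DROP TCP 192.0.2.30 198.51.100.10 50200 445 60 S 1 0 8192 - - - RECEIVE
2011-07-21 07:50:04 DROP TCP 192.0.2.66 198.51.100.10 40005 80 60 S 1 0 8192 - - - RECEIVE
2011-07-21 07:50:09 DROP TCP 192.0.2.30 198.51.100.10 50201 445 60 S 1 0 8192 - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per entry, keyed by whatever columns the '#Fields:' header declares."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def detect_scans(entries, min_ports=5, window=timedelta(seconds=60)):
    """Return one alert line per source whose drops hit >= min_ports distinct ports within window."""
    recent = defaultdict(list)      # src-ip -> [(timestamp, dst-port)] still inside the window
    alerted, alerts = set(), []
    for e in entries:
        if e.get("action") != "DROP" or e.get("protocol") not in ("TCP", "UDP"):
            continue                # allowed traffic and ICMP carry no port-scan signal here
        ts = datetime.strptime(e["date"] + " " + e["time"], "%Y-%m-%d %H:%M:%S")
        src = e["src-ip"]
        hits = [(t, p) for t, p in recent[src] if ts - t <= window]
        hits.append((ts, e["dst-port"]))
        recent[src] = hits
        ports = sorted({p for _, p in hits}, key=int)
        if len(ports) >= min_ports and src not in alerted:
            alerted.add(src)        # one alert per source keeps the output quiet
            alerts.append(f"{ts:%Y-%m-%d %H:%M:%S} portscan: src={src} "
                          f"dst={e['dst-ip']} ports={','.join(ports)}")
    return alerts

if __name__ == "__main__":
    for alert in detect_scans(parse_firewall_log(SAMPLE_LOG)):
        print(alert)
```

Repeated drops on a single port, like the 445 entries in the sample, stay below the threshold and produce no alert.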