Unauthorized/illegal use of ncat/nmap

As a sysadmin there’s one important thing I need to know. What are the files I need to look at to reveal if a user on my sys uses NetCat, NMap or any other port scanner?


Normally, you can’t. NetCat isn’t even a port scanner.

All these tools do is try to open network connections. On most systems, this is a standard thing for a user application to do, so it’s not restricted, nor is it logged anywhere.

If you have a firewall, you may be able to set it up so it can log unusual activity. Since a user may be opening ports for many reasons, it can be difficult to tell the difference between normal activity and a port scan, especially if the port scan takes place over an extended time.

I suspect you’re trying to look for a simple answer here in hopes of making your system more secure. I’m sorry, but there just isn’t one. Good security is complicated. If you’re running a multi-user system, securing it will most likely take deep knowledge of how a number of parts operate and interact.
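The firewall-logging point in the answer above, as an added example that is not part of the original reply: a sliding-window check over outbound connection logs that counts distinct destination ports per user and host, and shows why a scan spread over hours slips past a short window. The log lines are constructed, loosely modelled on Linux netfilter LOG key=value output, and the field names, the leading epoch timestamp and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample format: "<epoch> KEY=value ..." (assumed, not a real capture).
FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (timestamp, uid, dst, dport), or None if a field is missing."""
    ts, _, rest = line.partition(" ")
    kv = dict(FIELD.findall(rest))
    try:
        return int(ts), kv["UID"], kv["DST"], int(kv["DPT"])
    except (KeyError, ValueError):
        return None

def find_scanners(lines, window=60, min_ports=10):
    """Flag (uid, dst) pairs touching >= min_ports distinct ports within `window` seconds."""
    events = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            ts, uid, dst, dport = rec
            events[(uid, dst)].append((ts, dport))
    flagged = {}
    for key, evs in events.items():
        evs.sort()
        start, best = 0, 0
        for end in range(len(evs)):
            # Slide the left edge so the window never spans more than `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({port for _, port in evs[start:end + 1]}))
        if best >= min_ports:
            flagged[key] = best
    return flagged

def make_sample():
    """Constructed log lines: a fast sweep, a slow sweep, and ordinary traffic."""
    fmt = "{} OUT=eth0 SRC=10.0.0.5 DST={} PROTO=TCP DPT={} UID={}"
    lines = [fmt.format(1000 + i, "10.0.0.9", 20 + i, 1001) for i in range(20)]
    # Same 20 ports, but one attempt every 10 minutes.
    lines += [fmt.format(1000 + 600 * i, "10.0.0.9", 20 + i, 1002) for i in range(20)]
    # Repeated connections to a single port: normal client behaviour.
    lines += [fmt.format(1000 + 5 * i, "192.0.2.7", 443, 1003) for i in range(30)]
    lines.append("garbage line without fields")
    return lines

if __name__ == "__main__":
    print(find_scanners(make_sample(), window=60))     # only the fast sweep
    print(find_scanners(make_sample(), window=86400))  # both sweeps
```

Widening the window catches the slow sweep but also raises the chance of flagging a user who legitimately reaches many services on one host over a day, which is the trade-off the answer describes.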

