29 Mar
2011
29 Mar
'11
1:46 p.m.
On 3/29/11 3:30 PM, cmeclax-sazri wrote:
Opening a web page with lots of images results in lots of connections to web servers. If I hit the stop button before the images are loaded, my browser will close those connections without receiving any data. Web pages do not normally contain lots of HTTP links to sites that aren't running web servers, so a lot of refused connections does not look like anything that can happen in normal web browsing. Port scanning results in lots of connections closed upon opening and lots of connections refused; the distinctor is the lots of connections refused.
Ok, anyone willing to implement a portscan detector using such logic? :-)
I candidate myself to test it with the risk of getting Bad-Exited ;P
-naif