Get Client's IP Address Using NCAT
Pergunta
I'm participating in a computer security competition this weekend and I'm trying to make a script that will block an IP address for 5 minutes if I get port scanned. So I decided I could use NCAT and have it execute a iptables script if someone tries to connect to a port I am listening to. The problem is, I don't know how to get the IP address of the client that is connecting. Is this possible to do?
I don't want to use honeypots because they can be detected by many scanners, and any custom scripts I have, I have to write when I'm in the competition room. Can anyone help me out with this?
Thanks
Solução
Most portscans won't do a full tcp handshake, they will run a syn scan. So netcat would never recieve a connection. I recommend psad. On debian systems you can get it with:
aptitude install psad
Also, such a question should be asked at https://security.stackexchange.com/