(computer) designing and attacking port scan detection toolsPhrack Magazine Article Search http://www.phrack.com/search.phtml?view&article=p53-13 ---[ Phrack Magazine Volume 8, Issue 53 July 8, 1998, article 13 of 15 -------------------------[ Designing and Attacking Port Scan Detection Tools --------[ solar designer ----[ Introduction The purpose of this article is to show potential problems with intrusion detection systems (IDS), concentrating on one simple attack: port scans. This lets me cover all components of such a simplified IDS. Also, unlike the great SNI paper (http://www.secnet.com/papers/IDS.PS), this article is not limited to network-based tools. In fact, the simple and hopefully reliable example port scan detection tool ("scanlogd") that you'll find at the end is host-based. ----[ What Can We Detect? A port scan involves……