May 10th, 2002, 12:58 AM
PortSentry - annoyed by port scans?
PortSentry by Psionic is a cool lil' utility that allows you to monitor in realtime port scans and take countermeasures (if that is you pleasure, I wouldn't).
Anyway it's, again, free.
From the site:
PortSentry is a program designed to detect and respond to port scans against a target host in real-time. The 2.0 version of the software offers extensive stealth scan detection for most Unix platforms. The 1.1 version supports the "classic" PortSentry detection modes that are no longer available in the 2.0 version of the software.
Stealth port scan detection for all Unix platforms. PortSentry will detect SYN/half-open, FIN, NULL, X-MAS and oddball packet stealth scans.
PortSentry will react to a port scan attempt by blocking the host in real-time protecting your system from reconnassaince probes, auto-scanners, and targeted system attacks.
PortSentry will report all violations to the local or remote syslog daemons indicating the system name, time of attack, attacking host IP and the TCP or UDP port a connection attempt was made to. When used in conjunction with LogSentry it will provide an alert to administrators through e-mail.
Once a scan is detected, your system will turn into a blackhole and disappear from the attacker. This feature stops most attacks cold.
As with all of the Tri-Sentry tools, PortSentry is designed to have an easy configuration and be maintenance free.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson