PortSentry - annoyed by port scans?

  1. #1
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628

    PortSentry - annoyed by port scans?

    PortSentry by Psionic is a cool lil' utility that allows you to monitor in realtime port scans and take countermeasures (if that is your pleasure, I wouldn't).
    Anyway it's, again, free.

    http://www.psionic.com/products/portsentry.html

    From the site:

    PortSentry is a program designed to detect and respond to port scans against a target host in real-time. The 2.0 version of the software offers extensive stealth scan detection for most Unix platforms. The 1.1 version supports the "classic" PortSentry detection modes that are no longer available in the 2.0 version of the software.

    Features

    Stealth port scan detection for all Unix platforms. PortSentry will detect SYN/half-open, FIN, NULL, X-MAS and oddball packet stealth scans.
    PortSentry will react to a port scan attempt by blocking the host in real-time protecting your system from reconnaissance probes, auto-scanners, and targeted system attacks.
    PortSentry will report all violations to the local or remote syslog daemons indicating the system name, time of attack, attacking host IP and the TCP or UDP port a connection attempt was made to. When used in conjunction with LogSentry it will provide an alert to administrators through e-mail.
    Once a scan is detected, your system will turn into a blackhole and disappear from the attacker. This feature stops most attacks cold.
    As with all of the Tri-Sentry tools, PortSentry is designed to have an easy configuration and be maintenance free.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson
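
The flag combinations named in the feature list above (SYN, FIN, NULL, X-MAS, oddball), sketched as a classifier over raw TCP headers. This is an added example, not part of the original post and not PortSentry's own detection code; the function names, the "oddball" rules, the monitored port set and the sample traffic are assumptions, and the monitored ports are assumed to run no real service.

```python
import struct
from collections import defaultdict

# TCP flag bits, byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
NAMED = {0: "NULL", FIN | PSH | URG: "XMAS", FIN: "FIN", SYN: "SYN"}

def parse_tcp(header: bytes):
    """Return (destination port, flag bits) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    _sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", header[:14])
    return dport, flags & 0x3F

def classify(flags: int) -> str:
    """Name the probe type a segment's flag combination suggests."""
    if flags in NAMED:
        return NAMED[flags]
    if flags & SYN and flags & (FIN | RST):
        return "oddball"   # contradictory: open and close at once
    if not flags & ACK and flags != RST:
        return "oddball"   # mid-stream flags with no ACK
    return "normal"

def summarize(packets, monitored_ports):
    """Map source IP -> {probe type: sorted monitored ports it touched}."""
    hits = defaultdict(lambda: defaultdict(set))
    for src, header in packets:
        dport, flags = parse_tcp(header)
        kind = classify(flags)
        if dport in monitored_ports and kind != "normal":
            hits[src][kind].add(dport)
    return {s: {k: sorted(p) for k, p in kinds.items()} for s, kinds in hits.items()}

def make_header(dport, flags, sport=40000):
    """Build a constructed 20-byte TCP header for the sample data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

# Constructed sample traffic (documentation address ranges)
SAMPLE = [
    ("192.0.2.10", make_header(23, SYN)),
    ("192.0.2.10", make_header(111, SYN)),
    ("192.0.2.10", make_header(143, FIN)),
    ("198.51.100.7", make_header(23, 0)),
    ("198.51.100.7", make_header(111, FIN | PSH | URG)),
    ("198.51.100.7", make_header(143, SYN | FIN)),
    ("203.0.113.5", make_header(80, SYN)),         # port not monitored
    ("203.0.113.5", make_header(23, ACK | PSH)),   # ordinary data segment
]
```

Calling `summarize(SAMPLE, {23, 111, 143})` groups the probes per source, which is also a way to collapse one syslog line per packet into one line per host.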

  2. #2
    Senior Member
    Join Date
    Mar 2002
    Posts
    425
    There are several people I work with who also swear by port sentry. As far as I can tell, it's very effective at protecting their systems. My only problem with it is that it sends tons of information to syslog. And since we have a syslog server that I have to read the logs for, I get annoyed when I see page after page after page of port sentry complaining that it's being attacked by the name server. Now I know that's just a misconfiguration on someone's part, but even when it's configured correctly, it's still very chatty.

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Agreed. It took me a while to get it just right but, otherwise, it's really solid.
