-
Port Sentry
I am running PortSentry in the basic mode. I am considering going to the stealth mode.
I understand the difference between binding the port and binding the socket.
The question is: does the stealth mode pay off with better information, and does the number of false alarms get out of hand?
-
I would not say you would get better information by running in stealth mode.
As far as false positives, it all comes down to how it is configured. It will take some tuning to get it working just how you want. Send me a message if you have any specific questions and I will help you offline with your config.
I can even teach you to launch a DoS against anyone who scans your box. Ok...well even though it can be done, I won't tell you that. You'll have to figure that one out on your own...
-
Have been running in minimal mode, the least number of ports monitored, using the config file supplied by the software.
I had tried the paranoid setting and became paranoid myself; basically I was getting logs filled with "innocent" alarms.
-
I think the stealth mode has more to do with how PortSentry answers the connection request more than what information you receive back in logs...in stealth mode it will log the connection request and just not respond to the connection attempt, but if you run it normally it will return that the port is listening to the person doing the connection and log the attempt...
Neb
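
The bound-port behaviour discussed in this thread, as an added example that is not part of any post and is not PortSentry's own code: a listener bound to decoy ports completes the connection, so the remote side sees the port as open, and each full connect becomes one alert. The names `start_bound_sentry` and `probe` are hypothetical, and the demo assumes loopback with OS-assigned ports (port 0).

```python
import selectors
import socket
import threading

def start_bound_sentry(ports, host="127.0.0.1"):
    """Bind a listener to every port; return (alerts, bound_ports, stop)."""
    sel = selectors.DefaultSelector()
    alerts, socks = [], []
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind((host, port))          # port 0 lets the OS pick a free port
        s.listen(5)
        s.setblocking(False)
        sel.register(s, selectors.EVENT_READ)
        socks.append(s)
    stopping = threading.Event()

    def loop():
        while not stopping.is_set():
            for key, _ in sel.select(timeout=0.1):
                try:
                    conn, peer = key.fileobj.accept()
                except OSError:
                    continue
                # Only a completed handshake reaches accept(), so this is
                # the single point where a bound listener can raise an alert.
                alerts.append((peer[0], key.fileobj.getsockname()[1]))
                conn.close()

    worker = threading.Thread(target=loop, daemon=True)
    worker.start()

    def stop():
        stopping.set()
        worker.join()
        sel.close()
        for s in socks:
            s.close()

    return alerts, [s.getsockname()[1] for s in socks], stop

def probe(host, port):
    """A full connect as the remote side sees it: True if the port looks open."""
    try:
        with socket.create_connection((host, port), timeout=1) as c:
            c.recv(1)   # returns b"" once the sentry has logged and closed
            return True
    except OSError:
        return False
```

Because every monitored port answers as open, each extra port in the list is another source of alerts from ordinary stray connections, which is where the tuning mentioned above comes in.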