There are several people I work with who also swear by port sentry. As far as I can tell, it's very effective at protecting their systems. My only problem with it is that it sends tons of information to syslog. And since we have a syslog server that I have to read the logs for, I get annoyed when I see page after page after page of port sentry complaining that it's being attacked by the name server. Now I know that's just a misconfiguration on someone's part, but even when it's configured correctly, it's still very chatty.