Re: detecting portscanning

To: <debian-security@lists.debian.org>
Subject: Re: detecting portscanning
From: Peter Hicks <peter@geoworks.com>
Date: Thu, 24 May 2001 14:23:04 -0700
Message-id: <01052414230408.25290@corum>
In-reply-to: <Pine.LNX.4.33.0105242255320.7810-100000@zeus.rug.ac.be>
References: <Pine.LNX.4.33.0105242255320.7810-100000@zeus.rug.ac.be>

On Thursday 24 May 2001 14:01, Rudy Gevaert wrote:
> On Thu, 24 May 2001, Rudy Gevaert wrote:
>
> Hello again,
>
> Some people suggested ippl, I installed it, and it runs.  It works :-)
>
> Some other people, said I should use portsentry.  And I look for it on the
> website, and it is a tar.gz file, but in the unstable section I can find a
> deb file. But I'm using stable.
>
> Will this give any problems? Or can I just download it?  I think I will
> have to add a line to my apt-get config file.  Right?
>
> Again, thanks in advance,
>
> Rudy

The problem with portsentry is that it binds to all the ports you are 
watching, so people that are scanning actually see those ports open. It is 
better to use snort, which will let you know that the scans have happened 
without the attacker being aware.

Reply to:

Follow-Ups:
- Re: detecting portscanning
  - From: Tim Uckun <tim@diligence.com>

References:
- Re: detecting portscanning
  - From: Rudy Gevaert <webworm@zeus.rug.ac.be>

Prev by Date: Re: detecting portscanning
Next by Date: Re: detecting portscanning
Previous by thread: Re: detecting portscanning
Next by thread: Re: detecting portscanning
Index(es):
- Date
- Thread