
Re: ITP: portsentry



Craig Sanders wrote:
> On Thu, Oct 14, 1999 at 06:16:41PM -0700, Ben Gertzfield wrote:
> > This is my Intent to Package 'portsentry', an anti port-scanning
> > daemon that watches for common scanning patterns and allows the
> > sysadmin to do any of the following:
> > 
> > 1) run a script to alert the sysadmin of the source IP and port the scan
> >    came from, and/or
> > 
> > 2) add an ipchains rule to drop ALL traffic from that IP in the future,
> >    including ICMP (nice!) and/or
> 
> great. auto-self-denial-of-service...help the script kiddies take out 
> your server. all it takes is for someone to spoof a port-scan and you
> automatically packet-filter the spoofed source. 
> 
---end quoted text---

That was exactly my first reaction when I first heard of portsentry.

However, after asking someone who used it, I installed and read the docs.
Portsentry sets up /etc/portsentry/portsentry.ignore to prevent just such
an occurrence.  The file begins with 127.0.0.1 and any dynamically (ex: DHCP
acquired) server and host info included, and you can add others manually. All
in all, it seems a well designed piece of software. I kept it :)

-- 
Regards,
Steve

Debian GNU/Linux Because software support is free, timely,
                 useful, technically accurate, and friendly.
                 Reboots are for kernel and hardware upgrades.
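
The ignore-list check discussed in this message, shown as an added example that is not part of the original post and not portsentry's own code. It assumes an ignore file with one address or CIDR block per line and `#` comments; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample ignore list (assumed format: one address or CIDR per
# line, '#' starts a comment). Not copied from a real portsentry install.
SAMPLE_IGNORE = """\
# always keep loopback and our own addresses reachable
127.0.0.1
192.0.2.10
198.51.100.0/24   # upstream gateway and DNS resolvers
"""


def load_ignore(text):
    """Parse ignore-list text into a list of ip_network objects."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        # strict=False accepts entries with host bits set, e.g. 198.51.100.7/24
        nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def decide(source, ignore_nets):
    """Return 'ignore' for protected sources, 'block' otherwise."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return "ignore"  # never build a filter rule from unparsable input
    if any(addr in net for net in ignore_nets):
        return "ignore"
    return "block"


def process(sources, ignore_nets):
    """Map each reported scan source to the action the guard would take."""
    return {src: decide(src, ignore_nets) for src in sources}


if __name__ == "__main__":
    nets = load_ignore(SAMPLE_IGNORE)
    # Constructed scan reports; the first two claim protected addresses.
    reports = ["127.0.0.1", "198.51.100.53", "203.0.113.77", "not-an-ip"]
    for src, action in process(reports, nets).items():
        print(f"{src:15} -> {action}")
```

A source outside the list is still blocked on report, so the list has to cover every host whose reachability the server depends on.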

