Re: ITP: portsentry
Craig Sanders wrote:
> On Thu, Oct 14, 1999 at 06:16:41PM -0700, Ben Gertzfield wrote:
> > This is my Intent to Package 'portsentry', an anti port-scanning
> > daemon that watches for common scanning patterns and allows the
> > sysadmin to do any of the following:
> >
> > 1) run a script to alert the sysadmin of the source IP and port the scan
> > came from, and/or
> >
> > 2) add an ipchains rule to drop ALL traffic from that IP in the future,
> > including ICMP (nice!) and/or
>
> great. auto-self-denial-of-service...help the script kiddies take out
> your server. all it takes is for someone to spoof a port-scan and you
> automatically packet-filter the spoofed source.
>
---end quoted text---
That was exactly my first reaction when I first heard of portsentry.
However, after asking someone who used it, I installed and read the docs.
Portsentry sets up /etc/portsentry/portsentry.ignore to prevent just such
an occurrence. The file begins with 127.0.0.1 and any dynamically (ex: dhcp
acquired) server and host info included, and you can add others manually. All
in all, it seems a well designed piece of software. I kept it :)
--
Regards,
Steve
Debian GNU/Linux Because software support is free, timely,
useful, technically accurate, and friendly.
Reboots are for kernel and hardware upgrades.
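
Added example, not part of the original message and not portsentry's own code: a sketch of the ignore-list check described above, consulted before any automatic block rule is created. The file syntax (one address or CIDR network per line, `#` comments), the function names and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of an ignore file. Addresses come from
# documentation ranges, not from the original message.
SAMPLE_IGNORE = """\
# always ignore ourselves
127.0.0.1
192.0.2.10        # this host's DHCP-assigned address (constructed)
192.0.2.1         # default gateway (constructed)
198.51.100.0/28   # admin network, added manually (constructed)
"""

def parse_ignore(text):
    """Return the networks that must never be auto-blocked."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        try:
            # strict=False accepts a host address written with a prefix
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            raise ValueError(f"line {lineno}: bad entry {entry!r}")
    return nets

def decide(src, ignore_nets):
    """Return 'ignore' for protected sources, 'block' otherwise."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "ignore"  # never build a filter rule from unparsable input
    if any(addr.version == n.version and addr in n for n in ignore_nets):
        return "ignore"
    return "block"

def triage(sources, ignore_text=SAMPLE_IGNORE):
    """Map each reported scan source to the action taken for it."""
    nets = parse_ignore(ignore_text)
    return {s: decide(s, nets) for s in sources}

if __name__ == "__main__":
    # Constructed scan alerts; the first three claim protected sources.
    alerts = ["127.0.0.1", "192.0.2.1", "198.51.100.5", "203.0.113.77"]
    for src, action in triage(alerts).items():
        print(f"{src:15} -> {action}")
```

An address that is not on the list is still blocked when a scan appears to come from it, so the list has to cover every host the server depends on.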