RE: Port Scanning...

["David Wakeman \(Win\)" <dwakeman@UMAGroup.com>]

You could also use a tool called Port Sentry.  It can detect various udp and tcp port scans and take appropriate action (add scanning host to your deny file, and/or deny their ip using ipchains).  Anyhow, here is their page: http://www.psionic.com/abacus/portsentry/

 

Hope that helps.

 

David

-----Original Message-----
From: Eric N. Valor [mailto:eric.valor@lutris.com]
Sent: February 1, 2001 8:26 PM
To: Jason Arden; debian-security@lists.debian.org
Subject: Re: Port Scanning...

A nice nastygram to the ISP admin is about all you can do.  Often that makes the scans stop, and every so often you'll actually get a RESPONSE!  Cut-n-paste the relevant info and include that in the nastygram (they like to be able to match IPs with login times to find and root out skr1pt K1dd13z. 

As far as opening false ports, I wouldn't play that game - it could come back to really bite you unless you absolutely know what you're doing (read Bellovin & Cheswick - "Repelling the Wily Hacker" regarding a good story of doing this sort of thing).

At 08:18 PM 2/1/2001 -0600, Jason Arden wrote:

Can anyone recommend a program to stop people from portscanning your server... or maybe put out some false information, like lets say 20 pages of open ports?
 
-Jason
 
Thanks for your time...
 

--

Eric N. Valor

Webmeister/Inetservices

Lutris Technologies

eric.valor@lutris.com

- This Space Intentionally Left Blank -