[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: detecting portscanning

On Thursday 24 May 2001 14:01, Rudy Gevaert wrote:
> On Thu, 24 May 2001, Rudy Gevaert wrote:
> Hello again,
> Some people suggested ippl, I installed it, and it runs.  It works :-)
> Some other people, said I should use portsentry.  And I look for it on the
> website, and it is a tar.gz file, but in the unstable section I can find a
> deb file. But I'm using stable.
> Will this give any problems? Or can I just download it?  I think I will
> have to add a line to my apt-get config file.  Right?
> Again, thanks in advance,
> Rudy

The problem with portsentry is that it binds to all the ports you are 
watching, so people that are scanning actually see those ports open. It is 
better to use snort, which will let you know that the scans have happened 
without the attacker being aware.

Reply to: