Re: detecting portscanning
On Thursday 24 May 2001 14:01, Rudy Gevaert wrote:
> On Thu, 24 May 2001, Rudy Gevaert wrote:
> Hello again,
> Some people suggested ippl, I installed it, and it runs. It works :-)
> Some other people, said I should use portsentry. And I look for it on the
> website, and it is a tar.gz file, but in the unstable section I can find a
> deb file. But I'm using stable.
> Will this give any problems? Or can I just download it? I think I will
> have to add a line to my apt-get config file. Right?
> Again, thanks in advance,
The problem with portsentry is that it binds to all the ports you are
watching, so people that are scanning actually see those ports open. It is
better to use snort, which will let you know that the scans have happened
without the attacker being aware.