[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: detecting portscanning

The problem with portsentry is that it binds to all the ports you are
watching, so people that are scanning actually see those ports open. It is
better to use snort, which will let you know that the scans have happened
without the attacker being aware.

Although it binds to all the ports portsentry can blackhole the scanner as soon as it detects it with an IP chains rule. Once the user starts a scan they will be immediately blackholed and will never even complete the scan.

Tim Uckun
Due Diligence Inc. http://www.diligence.com/ Americas Background Investigation Expert. If your company isn't doing background checks, maybe you haven't considered the risks of a bad hire.

Reply to: