Re: detecting portscanning
The problem with portsentry is that it binds to all the ports you are
watching, so people that are scanning actually see those ports open. It is
better to use snort, which will let you know that the scans have happened
without the attacker being aware.
Although it binds to all the ports portsentry can blackhole the scanner as
soon as it detects it with an IP chains rule. Once the user starts a scan
they will be immediately blackholed and will never even complete the scan.
Due Diligence Inc. http://www.diligence.com/ Americas Background
If your company isn't doing background checks, maybe you haven't considered
the risks of a bad hire.