Port Sentry
Port Sentry [45 Kb]
Unearthed by Wooden Pickle
http://www.psionic.com/downloads/portsentry-1.1.tar.gz
http://www.psionic.com/products/index.html
“As long as we’re talking about security. I have been using a great program for a while called Port Sentry. It comes with Caldera’s latest release and can be installed super easy on other distros. I just wanted to mention it in case it’s helpful for someone else.
“It’s not a firewall but a defense against port scans. It monitors all the ports you tell it to and you also set the ‘trigger’ to be real sensitive or real easy. If someone port scans your machine (too many ports within a certain time period from the same source IP) port sentry can be configured to do a few things. First it drops the attacker’s IP address in the /etc/hosts.deny file and/or creates an ipchains or iptables rule to block any future packets from that IP address.
“The way I look at it, if you have a lot of services running and someone hits you with nmap, they might get interested if they see a whole bunch of ports open. But if, the moment they start scanning, your system just seems to disappear from the world, they’ll probably give up on you and move on to some other servers.
“At any rate, I do like the tool and have seen it work many times on my own servers. Just be careful to configure it properly. It doesn’t seem to like Windows systems when they send out a lot of NetBIOS broadcasts and NetBEUI is a pretty chatty little protocol so you may need to turn down the sensitivity (or turn off NetBEUI since it’s worthless anymore).”
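
The behaviour described in the quote above, sketched as an added example (not part of the original post and not PortSentry's own code): it counts distinct ports touched per source IP inside a time window, emits a `hosts.deny` line once the trigger is exceeded, and shows how an ignore list keeps NetBIOS broadcasts from tripping it. The function name, thresholds, ignore list and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp_seconds, source_ip, dest_port, protocol)
SAMPLE_EVENTS = [
    # Fast sweep across several TCP ports from one source
    (0.0, "192.0.2.10", 21, "tcp"), (0.1, "192.0.2.10", 22, "tcp"),
    (0.2, "192.0.2.10", 23, "tcp"), (0.3, "192.0.2.10", 25, "tcp"),
    (0.4, "192.0.2.10", 80, "tcp"),
    # Chatty Windows host sending NetBIOS name/datagram broadcasts
    (1.0, "198.51.100.7", 137, "udp"), (2.0, "198.51.100.7", 138, "udp"),
    (3.0, "198.51.100.7", 137, "udp"),
    # Slow client: one port every 30 seconds
    (0.0, "203.0.113.5", 22, "tcp"), (30.0, "203.0.113.5", 80, "tcp"),
    (60.0, "203.0.113.5", 443, "tcp"), (90.0, "203.0.113.5", 25, "tcp"),
]

# Assumed ignore list: NetBIOS name service and datagram service
IGNORED_PORTS = frozenset({("udp", 137), ("udp", 138)})


def detect_scanners(events, max_ports=3, window=10.0, ignored=IGNORED_PORTS):
    """Return {source_ip: hosts.deny line} for every source that touched more
    than max_ports distinct monitored ports within window seconds."""
    recent = defaultdict(deque)  # source_ip -> deque of (ts, proto, port)
    blocked = {}
    for ts, src, port, proto in sorted(events):
        if src in blocked or (proto, port) in ignored:
            continue
        hits = recent[src]
        hits.append((ts, proto, port))
        # Drop hits that have aged out of the sliding window
        while hits and ts - hits[0][0] > window:
            hits.popleft()
        distinct = {(p, n) for _, p, n in hits}
        if len(distinct) > max_ports:
            blocked[src] = f"ALL: {src}"  # TCP wrappers deny entry
    return blocked


if __name__ == "__main__":
    print("default trigger:", detect_scanners(SAMPLE_EVENTS))
    # A very sensitive trigger with no ignore list also blocks the NetBIOS host
    print("sensitive, no ignore list:",
          detect_scanners(SAMPLE_EVENTS, max_ports=1, ignored=frozenset()))
```

Raising `max_ports` or shortening `window` makes the trigger less sensitive; the ignore list is the narrower fix when a known-noisy protocol is the only source of false positives.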
