LinuxNewbie.org: Setting up Portsentry
May 27, 2000, 16:03
(Other stories by vvx)
[ Thanks to Sensei for this link. ]
"Okay, before I start to tell you how great Portsentry is and how you too can install and use it, I'm going to give two pieces of advice. First, read this all the way through prior to doing ANYTHING! This is especially true for my fellow Debian users. There is a special treat near the end for you, but this is advice everyone should follow. Second, while Portsentry is an excellent security application, having it is not an excuse to be lazy on security. You can't put Portsentry on an entirely insecure box with everyone's worst security holes and expect it to be secure."
"What Portsentry does is it listens on the ports you are not using for port scans. When it detects a scan, depending on how you set it up, it will then add them to your hosts.deny file and drop them through either ipchains or the route command. What this does is as soon as the person scanning you trips Portsentry, your computer stops responding to them. Even if you have services open, your computer will not respond when they scan those ports. ... You can also set up "logcheck" to email you when someone scans you, and there are more settings you can play with at that."
"...two methods to get this. One is to download the source in a .tar.gz source file, the other is to use Debian package management. If you're not using Debian, forget the second idea."
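The mechanism described in the excerpt above (listen on a port no real service uses, then produce a hosts.deny entry for whoever touches it), as an added sketch that is not code from the LinuxNewbie article or from Portsentry. The `Tripwire` class, the `probe` helper, the ignore list and the loopback addresses are assumptions of this example; it collects the deny lines in memory and never edits the real hosts.deny.

```python
import socket

def deny_line(addr):
    """TCP wrappers (hosts.deny) entry refusing every wrapped service to addr."""
    return f"ALL: {addr}"

class Tripwire:
    """Decoy listener: any connection to this otherwise unused port is a probe."""

    def __init__(self, host="127.0.0.1", port=0, ignore=()):
        self.ignore = set(ignore)   # addresses that must never be blocked
        self.blocked = []           # deny lines, in order of first contact
        self._seen = set()          # sources already recorded
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))          # port 0: the OS picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def handle_one(self, timeout=2.0):
        """Accept one connection, drop it, and return a deny line if it is new."""
        self.sock.settimeout(timeout)
        conn, (addr, _port) = self.sock.accept()
        conn.close()                          # never talk to the prober
        if addr in self.ignore or addr in self._seen:
            return None                       # trusted, or already blocked
        self._seen.add(addr)
        line = deny_line(addr)
        self.blocked.append(line)
        return line

def probe(port, host="127.0.0.1"):
    """Constructed stand-in for a scanner touching the decoy port."""
    with socket.create_connection((host, port), timeout=2.0):
        pass

def demo():
    """The same source probes twice; only the first contact yields an entry."""
    trap = Tripwire()
    results = []
    for _ in range(2):
        probe(trap.port)            # handshake completes in the listen backlog
        results.append(trap.handle_one())
    trap.sock.close()
    return results

if __name__ == "__main__":
    print(demo())
```

The ignore list matters in practice: a tool that blocks on first contact will also block your own monitoring hosts or gateway if they ever touch a decoy port.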