linux.ie: Port Sentry and Snort compared
Mar 11, 2001, 16:11
(Other stories by Ka Chun Leung)
[ Thanks to Ken Guest for this link. ]
"A port scan detector that can be configured to bind to ports you want monitored, reporting scans made to these ports and optionally running a command to deal with the scanning host (usually in the form of routing that host to a blackhole or adding a firewall rule dealing with said host)."
"Port Sentry can capture packets on Linux making it capable of detecting "stealth" scans that the default port binding method will never see. It also makes it unnecessary to bind to the ports you wish to monitor...."
"Snort falls into the category of Network Intrusion Detection Systems (NIDS). It is the best open source program of this type that I am aware of. Port scan detection is a subset of NIDS so one can rightfully assume that snort handles this as well."
"Snort is portable across multiple platforms using the libpcap library."
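The port-binding method described in the excerpts above, as an added Python sketch (not code from the linked article, Port Sentry or Snort). The loopback address, OS-assigned ports, function names and the two-port threshold are assumptions made for the illustration.

```python
import selectors
import socket
import time

def open_listeners(ports, host="127.0.0.1"):
    """Bind one listening TCP socket per monitored port (0 = OS-assigned)."""
    socks = []
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        s.listen(16)
        s.setblocking(False)
        socks.append(s)
    return socks

def watch(listeners, duration, threshold=2):
    """Accept for `duration` seconds; return ({source: ports}, flagged sources).

    accept() only returns connections whose three-way handshake completed,
    so a half-open ("stealth") probe never reaches this code. That is the
    blind spot of port binding that packet capture removes.
    """
    sel = selectors.DefaultSelector()
    for s in listeners:
        sel.register(s, selectors.EVENT_READ)
    hits = {}
    deadline = time.monotonic() + duration
    while (left := deadline - time.monotonic()) > 0:
        for key, _ in sel.select(timeout=left):
            try:
                conn, (src, _) = key.fileobj.accept()
            except BlockingIOError:
                continue
            conn.close()
            hits.setdefault(src, set()).add(key.fileobj.getsockname()[1])
    sel.close()
    # Assumed policy: a source touching `threshold` or more ports is reported.
    flagged = sorted(s for s, p in hits.items() if len(p) >= threshold)
    return hits, flagged

def demo():
    """Constructed input: three full connects from this host to the listeners."""
    listeners = open_listeners([0, 0, 0])
    ports = [s.getsockname()[1] for s in listeners]
    for p in ports:
        socket.create_connection(("127.0.0.1", p), timeout=2).close()
    hits, flagged = watch(listeners, duration=0.5)
    for s in listeners:
        s.close()
    return ports, hits, flagged

if __name__ == "__main__":
    print(demo())
```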