"During the last decade, networking grew at an incredible speed.
The goal was to allow communication between machines running
different OSes, so proprietary networking systems were slowly
replaced with TCP/IP; the Internet did the rest! Today most
networking relies on TCP/IP, and TCP/IP relies on ports. In short,
ports are attached to programs (clients or servers). A server
listens on its port until a client contacts it to establish a
connection. Services (the programs mentioned above) are mapped to
specific ports; on Unix systems this mapping is found in the
/etc/services file. Note that this file only records the
conventional assignments: it does not tell you which ports are
actually open on your machine, and nothing stops a program from
listening on a port the file does not mention. Still, everyone
knows which port is dedicated to which service, and if everyone
knows, crackers know even better! If we consider a port as a door,
an open (listening) port is like an unlocked door. And how do you
get into a house? Usually through the door (unless you prefer the
window, that's up to you!). Black hats get into your computer the
same way...
The first thing you can do to reduce the risk is to close as many
ports as possible, that is, to stop the services listening on
them: the fewer, the better. (A packet filter can also block access
to a port, but the surest way to close one is to stop the program
that listens on it.) You can hardly close every port on a networked
machine, though: it would no longer communicate, which would be a
pity! How to limit the number of active services, or how to close
the ports, is beyond the scope of this article. You will find a lot
of literature on the subject, for instance at the Linux
Documentation Project or by searching through LinuxFocus issues
(for example, Bastille Linux or Security tools), covering the
different ways to protect a machine or a network. On Linux,
consider Bastille Linux a must-have.
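As an added example (not code from the original article), the Python script below does by hand what the two paragraphs above describe: it reads the kernel's socket table in /proc/net/tcp, keeps only sockets in the LISTEN state, labels each port with the name /etc/services gives it, and flags any port reachable from the network that is not on an allow-list as a candidate service to stop. The /proc/net/tcp rows and /etc/services entries embedded in it are constructed samples so it runs offline; the allow-list, and the little-endian decoding of the hex addresses (correct on x86), are assumptions.

```python
# Constructed sample of /etc/services (same layout as the real file:
# name, port/protocol, optional aliases, optional '#' comment).
SAMPLE_SERVICES = """\
# Network services, Internet style
ftp             21/tcp
ssh             22/tcp
smtp            25/tcp          mail
domain          53/tcp
http            80/tcp          www www-http    # WorldWideWeb HTTP
sunrpc          111/tcp         portmapper
auth            113/tcp         authentication tap ident
"""

# Constructed sample of /proc/net/tcp. Addresses and ports are hex;
# state 0A is LISTEN, 01 is ESTABLISHED. Row 3 is an ESTABLISHED
# connection and must not appear in the report.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0000000000000000 100 0 0 10 0
   2: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1 0000000000000000 100 0 0 10 0
   3: 0A00020F:0016 0A000201:C35A 01 00000000:00000000 00:00000000 00000000     0        0 1004 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = "0A"  # socket state code used by the kernel in /proc/net/tcp


def parse_services(text):
    """Map (port, proto) -> service name from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        table[(int(port), proto)] = fields[0]
    return table


def decode_ipv4(hexaddr):
    """Turn the 8 hex digits of /proc/net/tcp into dotted-quad form.

    The kernel prints the address as one 32-bit word in host byte
    order; on little-endian machines (x86) the bytes come out reversed,
    which is the assumption made here.
    """
    raw = bytes.fromhex(hexaddr)
    return ".".join(str(b) for b in raw[::-1])


def listening_sockets(text):
    """Return [(local_ip, port)] for every LISTEN socket in the table."""
    socks = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue  # header line or malformed row
        local, state = fields[1], fields[3]
        if state != TCP_LISTEN:
            continue
        addr_hex, port_hex = local.split(":")
        socks.append((decode_ipv4(addr_hex), int(port_hex, 16)))
    return socks


def audit(proc_tcp_text, services_text, allowed_ports):
    """Label each listening port and flag what should probably be stopped.

    Verdicts: 'local-only' (bound to 127.0.0.1, unreachable from the
    network), 'allowed' (on the allow-list), 'CLOSE' (exposed and not
    justified: a candidate service to stop).
    """
    names = parse_services(services_text)
    report = []
    for addr, port in listening_sockets(proc_tcp_text):
        name = names.get((port, "tcp"), "unknown")
        if addr == "127.0.0.1":
            verdict = "local-only"
        elif port in allowed_ports:
            verdict = "allowed"
        else:
            verdict = "CLOSE"
        report.append((addr, port, name, verdict))
    return report


def read_or_sample(path, sample):
    """Use the real file when it exists (Linux), else the constructed sample."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return sample


if __name__ == "__main__":
    # Assumed allow-list: only ssh is meant to be reachable from outside.
    proc_tcp = read_or_sample("/proc/net/tcp", SAMPLE_PROC_NET_TCP)
    services = read_or_sample("/etc/services", SAMPLE_SERVICES)
    for addr, port, name, verdict in audit(proc_tcp, services, {22}):
        print(f"{addr}:{port:<5} {name:<10} {verdict}")
```

On the sample data the report shows ssh (22) as allowed, smtp (25) as local-only because it is bound to the loopback address, and sunrpc (111) as a port to close; the established connection on row 3 is ignored. Run on a real Linux host it reads the live socket table instead, which is exactly the inventory you want before deciding which services to stop.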
And this is where portsentry comes in. Portsentry monitors ports
and, if you ask it to, blocks the hosts that probe them. It
provides different operating modes, some of them specific to
certain OSes; as a matter of fact, here "OSes" means Linux.
Portsentry can take advantage of the packet filtering provided by
ipfwadm, ipchains or iptables, depending on the Linux kernel you
have (2.0, 2.2 and 2.4 respectively). The same holds for other
Unix flavors, with different tools (more on this later). There we
are: portsentry's greatest feature is probably "auto-blocking".