
BSD Today: Deploying Portsentry; What to do before the kiddies come calling

[ Thanks to Jeremy C. Reed for this link. ]

“I figured I didn’t need a security policy when I set up my
first web server some years back. … And then it dawned on me that
by simply scanning subnets your average script kiddie didn’t need
to know what my site was all about at all. He or she could just
scan en masse for open ports and an easy way in and then plant a
root kit for laughs or turn my machine into a spam forwarding
station. I got a copy of SATAN and ran it against my own site. I
was astonished. Every port, that could be, was open and
identifiable to anyone on the internet. (There were these problems
with my logs, too, but that is another story.)”

“…I built the best firewall I could with a Pentium 90 and the
zero knowledge I had at the time and bit my lip. Some time after
that I got introduced to a splendid little program called
Portsentry that did precisely what I needed — it let
me know immediately when someone probed my perimeter wire. As an
added benefit, it could make the port being probed just vanish from
the intruder’s sight.”

“Portsentry actually does a lot more than that. It will
log the offender’s IP address and can insert that address into the
/etc/hosts.deny file. It can be configured to simply drop the
offender into a black hole in real time, or run a retaliation
script (highly not recommended). For folks that have no provision
for the high dollar security services and those really expensive
black boxes that a lot of companies sell — this program used with
its companion program, Logcheck, is a pretty good deal. When
coupled with a good firewall running a packet filter like IPF, it
is a pretty hard combination to beat. These items can remove most
of the threat from the subnet booty bandit, or the generic script
kiddie (if you’re into the whole genteel approach to
name-calling).”
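The behaviour the quoted paragraph describes (watch ports that nothing legitimate should be using, log the probing address, and produce an entry for /etc/hosts.deny) as an added Python example. This is not Portsentry's code or anything from the BSD Today article: the `ProbeSentry` class, its `allow_nets` parameter (a stand-in for an ignore list), the hit `threshold`, and the `ALL: <ip>` TCP-wrappers line it emits are all assumptions of this example. The deny line is returned to the caller rather than written to the file, so the decision to change the system stays explicit.

```python
"""Minimal port-sentry style probe detector (constructed example, not Portsentry)."""
import select
import socket
import time
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Standard TCP-wrappers syntax for denying a host; template assumed for this example.
HOSTS_DENY_TEMPLATE = "ALL: {ip}"


class ProbeSentry:
    """Track connections to ports that no legitimate client should touch.

    Sources inside `allow_nets` are never counted. Other sources are logged
    on each probe; once a source reaches `threshold` hits it is marked
    blocked and a hosts.deny line is handed back to the caller.
    """

    def __init__(self, watched_ports, allow_nets=("127.0.0.0/8",), threshold=1):
        self.watched_ports = set(watched_ports)
        self.allow_nets = [ip_network(n) for n in allow_nets]
        self.threshold = threshold
        self.hits = {}          # src ip -> number of probes seen
        self.blocked = set()    # src ips that crossed the threshold
        self.events = []        # human-readable log lines

    def is_allowed(self, src_ip):
        addr = ip_address(src_ip)
        return any(addr in net for net in self.allow_nets)

    def handle_connection(self, src_ip, dst_port, when=None):
        """Classify one inbound connection.

        Returns (action, hosts_deny_line) where action is 'ignore', 'log'
        or 'block'; the deny line is only set for 'block'.
        """
        when = when or datetime.now(timezone.utc)
        if dst_port not in self.watched_ports or self.is_allowed(src_ip):
            return "ignore", None
        if src_ip in self.blocked:
            return "ignore", None       # already denied; do not emit duplicate lines
        self.hits[src_ip] = self.hits.get(src_ip, 0) + 1
        stamp = when.strftime("%Y-%m-%d %H:%M:%S")
        self.events.append(f"{stamp} probe from {src_ip} to tcp/{dst_port}")
        if self.hits[src_ip] >= self.threshold:
            self.blocked.add(src_ip)
            line = HOSTS_DENY_TEMPLATE.format(ip=src_ip)
            self.events.append(f"{stamp} blocking {src_ip}: hosts.deny += '{line}'")
            return "block", line
        return "log", None


def watch(sentry, bind_host, seconds, on_block=None):
    """Bind every watched port, accept and immediately close each connection,
    and feed the source address to the sentry. Returns connections handled."""
    listeners = []
    for port in sorted(sentry.watched_ports):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((bind_host, port))
        s.listen(5)
        listeners.append(s)
    handled, end = 0, time.monotonic() + seconds
    try:
        while time.monotonic() < end:
            ready, _, _ = select.select(listeners, [], [], 0.2)
            for s in ready:
                conn, (src_ip, _) = s.accept()
                conn.close()            # never talk back to the prober; just record it
                action, line = sentry.handle_connection(src_ip, s.getsockname()[1])
                if action == "block" and on_block:
                    on_block(line)
                handled += 1
    finally:
        for s in listeners:
            s.close()
    return handled


if __name__ == "__main__":
    # Loopback demo: two free ports, then two probes from 127.0.0.1 trigger a block.
    import threading

    def free_port():
        with socket.socket() as s:
            s.bind(("127.0.0.1", 0))
            return s.getsockname()[1]

    ports = [free_port(), free_port()]
    sentry = ProbeSentry(ports, allow_nets=(), threshold=2)  # allow nothing for the demo
    t = threading.Thread(target=watch, args=(sentry, "127.0.0.1", 2.0, print))
    t.start()
    time.sleep(0.3)
    for p in ports:
        with socket.create_connection(("127.0.0.1", p)):
            pass
    t.join()
    print("\n".join(sentry.events))
```

Running the file as a script shows the full loop: the listener accepts two probes from loopback, the second one crosses the threshold, and the `ALL: 127.0.0.1` line is printed in place of being appended to /etc/hosts.deny. A real deployment would keep the loopback and management networks in `allow_nets` and pair the detector with a packet filter, as the article suggests; the retaliation option the article warns against is deliberately absent.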
