linux.ie: Port Sentry and Snort compared

[ Thanks to Ken Guest for this link. ]

“A port scan detector that can be configured to bind to ports
you want monitored, reporting scans made to these ports and
optionally running a command to deal with the scanning host
(usually in the form of routing that host to a blackhole or adding
a firewall rule dealing with said host).”

“Port Sentry can capture packets on Linux making it capable of
detecting “stealth” scans that the default port binding method will
never see. It also makes it unnecessary to bind to the ports you
wish to monitor….”

“Snort falls into the category of Network Intrusion Detection
Systems (NIDS). It is the best open source program of this type
that I am aware of. Port scan detection is a subset of NIDS so one
can rightfully assume that snort handles this as well.”

“Snort is portable across multiple platforms using the libpcap

