Jan 01 2000


PortSentry – a port watcher

PortSentry is a program which watches for connections to your ports and sends you a warning message if someone scans them. It catches most port scans, but not all of them.

This is from /usr/ports/security/portsentry/pkg/DESCR:

PortSentry is part of the Abacus Project suite of security tools. 
It is a program designed to detect and respond to port scans against 
a target host in real-time. There are other port scan detectors that 
perform similar detection of scans, but PortSentry has some unique 
features that may make it worth looking into  

WWW: http://www.psionic.com/abacus/portsentry/

Disclosure: I’m the port maintainer for PortSentry.

Installing

Remember, I have the entire ports tree.  So it was easy.
cd /usr/ports/security/portsentry
make
make install

Configuring

Sorry, but I’ve lost my notes for this install.  The rest of this article is from memory.

The first thing is to fetch everything; the port's make step already did that for you.

Then read work/portsentry-1.0/README.install under the port directory (/usr/ports/security/portsentry). The important steps are:

  • copy /usr/local/etc/portsentry.conf.default to /usr/local/etc/portsentry.conf
  • modify /usr/local/etc/portsentry.conf to your liking (see below)
  • add hosts which should be ignored to /usr/local/etc/portsentry.ignore

As time goes on you might want to add hosts to /usr/local/etc/portsentry.ignore, but use caution: a host listed there is never treated as a scanner, so only add hosts you trust. On the other hand, make sure the hosts you cannot afford to have blocked (the local host, your default gateway, your name servers) are listed, because PortSentry's automatic responses will otherwise cut off whichever address a scan appears to come from, including a spoofed one.
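As an added example (my own helper script, not part of PortSentry or of the original article), here is a small POSIX shell script that performs those configuration steps idempotently: it copies portsentry.conf.default to portsentry.conf only when no portsentry.conf exists yet, so rerunning it never clobbers your edits, and it adds ignore entries only after checking that they are well-formed IPv4 addresses and not already listed. The PORTSENTRY_ETC and IGNORE_HOSTS variables, the "setup" argument, and the one-address-per-line ignore-file format are my assumptions, not something the page states.

```shell
#!/bin/sh
# Added example: idempotent helper for the PortSentry configuration steps.
# Assumptions (mine, not from the page): PORTSENTRY_ETC overrides the
# config directory, IGNORE_HOSTS is a space-separated list of addresses,
# and portsentry.ignore holds one IPv4 address per line.

PORTSENTRY_ETC="${PORTSENTRY_ETC:-/usr/local/etc}"

# Copy portsentry.conf.default to portsentry.conf unless a conf already
# exists, so a rerun never overwrites a hand-edited configuration.
install_conf() {
    etc="$1"
    if [ -f "$etc/portsentry.conf" ]; then
        echo "keeping existing $etc/portsentry.conf" >&2
        return 0
    fi
    if [ ! -f "$etc/portsentry.conf.default" ]; then
        echo "missing $etc/portsentry.conf.default" >&2
        return 1
    fi
    cp "$etc/portsentry.conf.default" "$etc/portsentry.conf"
}

# Accept only a dotted quad with four numeric octets in the range 0-255.
valid_ipv4() {
    ip="$1"
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s\n' "$ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Append a host to portsentry.ignore, refusing malformed addresses and
# skipping exact duplicates (grep -x -F matches the whole line literally).
add_ignore() {
    etc="$1"
    host="$2"
    if ! valid_ipv4 "$host"; then
        echo "refusing bogus ignore entry: $host" >&2
        return 1
    fi
    touch "$etc/portsentry.ignore"
    if grep -qxF "$host" "$etc/portsentry.ignore"; then
        return 0
    fi
    echo "$host" >> "$etc/portsentry.ignore"
}

# Number of real entries in portsentry.ignore (blank and # lines excluded).
ignore_count() {
    f="$1/portsentry.ignore"
    [ -f "$f" ] || { echo 0; return 0; }
    grep -v '^[[:space:]]*#' "$f" | grep -c '[^[:space:]]' || true
}

# "sh portsentry-setup.sh setup" applies the steps to $PORTSENTRY_ETC.
# Put the hosts you never want blocked (e.g. 127.0.0.1) in IGNORE_HOSTS.
if [ "${1:-}" = "setup" ]; then
    install_conf "$PORTSENTRY_ETC"
    for h in ${IGNORE_HOSTS:-}; do
        add_ignore "$PORTSENTRY_ETC" "$h"
    done
    echo "ignore entries: $(ignore_count "$PORTSENTRY_ETC")"
fi
```

Run it once with `setup` after `make install`, then edit portsentry.conf by hand; running it again later only adds new ignore entries and leaves the edited conf alone.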

Running

Again, see work/portsentry-1.0/README.install, especially "STEP 5".  I tried running portsentry this way, with one process for each protocol:
portsentry -tcp
portsentry -udp

  2 Responses to “PortSentry – a port watcher”

  1. I once was confident in portsentry detection, but suddenly somebody told me that it can be used for a (kind of) DoS. I found no references on this; can you please point my nose to the right track? <g> 🙂

    btw, if I cannot find this, it is probably a false assumption, but I am paranoid. 😀

    thank you.