PortSentry – a port watcher

PortSentry is a program which watches connections on your ports
and sends you warning messages if someone scans them. It detects most port scans,
but not all.

This is from /usr/ports/security/portsentry/pkg/DESCR:

PortSentry is part of the Abacus Project suite of security tools. 
It is a program designed to detect and respond to port scans against 
a target host in real-time. There are other port scan detectors that 
perform similar detection of scans, but PortSentry has some unique 
features that may make it worth looking into.

WWW: http://www.psionic.com/abacus/portsentry/

Disclosure: I’m the port maintainer for PortSentry.

Installing

Remember, I have the entire ports tree, so it was easy.

cd /usr/ports/security/portsentry
make
make install

Configuring

Sorry, but I’ve lost my notes for this install.  The rest of this
article is from memory.

The first thing is to fetch everything:

You should read work/portsentry-1.0/README.install (relative to the port
directory).  The important steps are:

  • copy /usr/local/etc/portsentry.conf.default to /usr/local/etc/portsentry.conf
  • modify /usr/local/etc/portsentry.conf to your liking (see below)
  • add hosts which should be ignored to /usr/local/etc/portsentry.ignore

As time goes on, you might want to add things to /usr/local/etc/portsentry.ignore
but use caution.
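
The configuration steps above as a shell sketch. This is an added example, not code from the PortSentry distribution or the port: it creates the config from the default without overwriting an edited copy, and only appends well-formed, non-duplicate addresses to the ignore list. The function names, the CONF_DIR variable and the one-address-per-line file format are assumptions.

```sh
#!/bin/sh
# Added example, not part of the port. Assumption: portsentry.ignore holds
# one IPv4 address per line and '#' starts a comment.
CONF_DIR="${CONF_DIR:-/usr/local/etc}"

# Create portsentry.conf from the shipped default without clobbering edits.
install_conf() {
    if [ ! -e "$CONF_DIR/portsentry.conf" ]; then
        cp "$CONF_DIR/portsentry.conf.default" "$CONF_DIR/portsentry.conf"
    fi
}

# Succeed only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Append address $2 to file $1: returns 0 added, 1 malformed, 2 duplicate.
add_ignore_host() {
    file=$1; addr=$2
    if ! valid_ipv4 "$addr"; then
        echo "rejected: '$addr' is not an IPv4 address" >&2
        return 1
    fi
    if [ -f "$file" ] && grep -qxF -- "$addr" "$file"; then
        return 2
    fi
    printf '%s\n' "$addr" >> "$file"
}

# Print the active entries, i.e. every host PortSentry is told to ignore.
list_ignored() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1"
}

# Demo on a constructed scratch file, not the live ignore list.
demo=$(mktemp)
printf '# constructed sample\n127.0.0.1\n' > "$demo"
add_ignore_host "$demo" 192.0.2.10 && list_ignored "$demo"
rm -f "$demo"
```

Running list_ignored against the real file from time to time keeps the list short enough to review by eye.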

Running

Again, see work/portsentry-1.0/README.install, especially
"STEP 5".  I tried running portsentry this way:

portsentry -tcp
portsentry -udp

2 thoughts on “PortSentry – a port watcher”

  1. irado furioso com tudo

    I once was confident in portsentry detection... but suddenly somebody told me that it can be used for a (kind of) DoS. I found no references on this; can you please point my nose to the right track? <g> 🙂

    btw, if I cannot find this, it is probably a false assumption... but I am paranoid. 😀

    thank you.
