The FreeBSD Diary

Providing practical examples since 1998
PortSentry - a port watcher
1 January 2000

PortSentry is a program which watches connections on your ports and sends you warning messages if someone scans them.  It's good for most port scans but not all.

This is from /usr/ports/security/portsentry/pkg/DESCR:

PortSentry is part of the Abacus Project suite of security tools. 
It is a program designed to detect and respond to port scans against 
a target host in real-time. There are other port scan detectors that 
perform similar detection of scans, but PortSentry has some unique 
features that may make it worth looking into  

WWW: http://www.psionic.com/abacus/portsentry/

Disclosure: I'm the port maintainer for PortSentry.

Installing
Remember, I have the entire ports tree.  So it was easy.
cd /usr/ports/security/portsentry
make
make install
Configuring
Sorry, but I've lost my notes for this install.  The rest of this article is from memory.

The first thing is to fetch everything:

You should read /work/portsentry-1.0/README.install.  The important steps are:

  • copy /usr/local/etc/portsentry.conf.default to /usr/local/etc/portsentry.conf
  • modify /usr/local/etc/portsentry.conf to your liking (see below)
  • add hosts which should be ignored to /usr/local/etc/portsentry.ignore

As time goes on, you might want to add things to /usr/local/etc/portsentry.ignore, but use caution.
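One way to apply that caution is to audit the ignore list each time it is edited. The script below is an added example, not part of the original article or of PortSentry itself; it assumes the file holds one IPv4 address per line with '#' comments, and the function names and the sample list are constructed for illustration.

```sh
# Added example (not from the article); assumes one IPv4 address per line, '#' comments.

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# audit_ignore FILE: prints one finding per suspicious line; non-zero if any were flagged.
audit_ignore() {
    n=0; findings=0; seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Drop comments, then leading/trailing whitespace (incl. CR).
        entry=$(printf '%s\n' "${line%%#*}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$entry" ] || continue
        if ! valid_ipv4 "$entry"; then
            echo "line $n: not a plain IPv4 address: $entry"
        elif case "$seen" in *" $entry "*) true ;; *) false ;; esac; then
            echo "line $n: duplicate entry: $entry"
        else
            seen="$seen$entry "
            continue
        fi
        findings=$((findings + 1))
    done < "$1"
    [ "$findings" -eq 0 ]
}

# Constructed sample list (not taken from the article).
sample=$(mktemp /tmp/portsentry.ignore.XXXXXX)
cat > "$sample" <<'EOF'
# hosts PortSentry should never react to
127.0.0.1
192.168.0.20   # admin workstation
192.168.0.20
192.168.0.300
gateway.example.org
EOF
audit_ignore "$sample" || echo "fix the entries above before starting portsentry"
```

To check the real list, run audit_ignore /usr/local/etc/portsentry.ignore instead of the sample file.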

Running
Again, see work/portsentry-1.0/README.install, especially "STEP 5".  I tried running portsentry this way:
portsentry -tcp
portsentry -udp
