The FreeBSD Diary


Providing practical examples since 1998


Things look quiet here. But I've been doing a lot of blogging at dan.langille.org because I prefer WordPress now. Not all my posts there are FreeBSD related. I am in the midst of migrating The FreeBSD Diary over to WordPress (and you can read about that here). Once the migration is completed, I'll move the FreeBSD posts into the new FreeBSD Diary website.

PortSentry - a port watcher
1 January 2000
PortSentry is a program which watches connections on your ports and sends you warning messages if someone scans them. It's good for most port scans but not all.

This is from /usr/ports/security/portsentry/pkg/DESCR:

PortSentry is part of the Abacus Project suite of security tools. 
It is a program designed to detect and respond to port scans against 
a target host in real-time. There are other port scan detectors that 
perform similar detection of scans, but PortSentry has some unique 
features that may make it worth looking into  

WWW: http://www.psionic.com/abacus/portsentry/

Disclosure: I'm the port maintainer for PortSentry.

Installing
Remember, I have the entire ports tree.  So it was easy.
cd /usr/ports/security/portsentry
make
make install
Configuring
Sorry, but I've lost my notes for this install.  The rest of this article is from memory.

The first thing is to fetch everything:

You should read work/portsentry-1.0/README.install.  The important steps are:

  • copy /usr/local/etc/portsentry.conf.default to /usr/local/etc/portsentry.conf
  • modify /usr/local/etc/portsentry.conf to your liking (see below)
  • add hosts which should be ignored to /usr/local/etc/portsentry.ignore

As time goes on, you might want to add things to /usr/local/etc/portsentry.ignore but use caution.
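
Every entry in portsentry.ignore is a host whose connections will be ignored, so it is worth linting the file each time it changes. The script below is an added example, not part of the original article or of PortSentry; it assumes one IPv4 address per line with an optional /bits suffix and # comments (check README.install for the format your version accepts), and the function names and sample entries are constructed for illustration.

```sh
#!/bin/sh
# audit_ignore FILE [MIN_BITS]: print questionable entries, return 1 if any.
# Assumed format: one IPv4 address per line, optional /bits, "#" comments.
audit_ignore() {
    awk -v min="${2:-24}" '
    {
        sub(/#.*/, "")                    # drop comments
        gsub(/[ \t\r]/, "")               # drop whitespace
        if ($0 == "") next
        n = split($0, part, "/")
        bits = (n == 2) ? part[2] : 32    # bare address means a single host
        ok = (n <= 2 && bits ~ /^[0-9]+$/ && bits + 0 <= 32 &&
              split(part[1], o, "[.]") == 4)
        for (i = 1; ok && i <= 4; i++)
            ok = (o[i] ~ /^[0-9]+$/ && o[i] + 0 <= 255)
        if (!ok)                 { print NR ": " $0 ": malformed"; bad++ }
        else if (seen[$0]++)     { print NR ": " $0 ": duplicate"; bad++ }
        else if (bits + 0 < min) { print NR ": " $0 ": broader than /" min; bad++ }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample ignore file (not from the article).
sample_ignore() {
    cat <<'EOF'
# constructed sample portsentry.ignore
127.0.0.1
0.0.0.0
192.168.0.10      # admin workstation
192.168.0.10
10.0.0.0/8
172.16.5.300
EOF
}

# Demo run against the sample; point audit_ignore at
# /usr/local/etc/portsentry.ignore to check the real file.
tmp=$(mktemp) && sample_ignore > "$tmp"
audit_ignore "$tmp" || echo "review the entries listed above"
rm -f "$tmp"
```

The second argument sets the narrowest prefix length accepted without comment, so `audit_ignore FILE 16` tolerates anything up to a /16.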

Running
Again, see work/portsentry-1.0/README.install, especially "STEP 5".  I tried running portsentry this way:
portsentry -tcp
portsentry -udp