The sys admin’s daily grind: PortSentry

Ten Years After

Article from Issue 136/2012
Author(s):

To celebrate 10 years of his column, Charly sets up a sensitive detector that measures the cosmic background radiation of the Internet.

Scanning the ports on a machine belonging to someone else is not generally regarded as an attack. Of course, any serious attack will be preceded by a port scan. Administrators who take their security seriously always take a proactive approach to port scans, such as blocking the IP address that initiated the port scan for an extended period of time. The tool that lets you do this goes by the name of PortSentry [1] and is included in most distributions. The daemon identifies and logs port scans and runs commands after doing so.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Customizing PortSentry

    PortSentry monitors your ports and lets you know when they’ve been scanned.

  • Table of Contents: 139
  • Tool Tips

    Mobiki wiki engine, jEdit cross-platform text editor, youtube-dl movie downloader, and Inadyn compact DDNS client.

  • Charly's Column

    Conventional, woodpecker-style port knocking is open to sniffing and brute force knocking attacks. Sending an encrypted packet with an access request to the server is safer and more modern. Learn more about Firewall Knock Operator, a.k.a. Fwknop.

comments powered by Disqus

Direct Download

Read full article as PDF:

045-045_charly.pdf (1.84 MB)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia