The sys admin’s daily grind: PortSentry
Ten Years After
To celebrate 10 years of his column, Charly sets up a sensitive detector that measures the cosmic background radiation of the Internet.
Scanning the ports on a machine belonging to someone else is not generally regarded as an attack. Of course, any serious attack will be preceded by a port scan. Administrators who take their security seriously always take a proactive approach to port scans, such as blocking the IP address that initiated the port scan for an extended period of time. The tool that lets you do this goes by the name of PortSentry  and is included in most distributions. The daemon identifies and logs port scans and runs commands after doing so.