[techtalk] Better snort/logcheck reporting - portsentry

Kath ranger at optonline.net
Sun Apr 22 20:35:47 EST 2001


Will portsentry automatically add the blackhole route?

I'd rather manually add it, because sometimes I run portscans and even
attacks on my own machines to check for vulnerabilities.

Also, are there any security mailing lists I should be on?  I just signed up
for the Debian security announcements and discussion list.

- Kath

----- Original Message -----
From: "Erin Clarke" <blue at web.net>
To: <techtalk at linuxchix.org>
Sent: Sunday, April 22, 2001 7:53 PM
Subject: Re: [techtalk] Better snort/logcheck reporting - portsentry


> On Sat, Apr 21, 2001 at 11:43:19PM -0700, Nicole Zimmerman wrote:
> > You might also check out 'portsentry': it looks for port scans on specific
> > ports so you don't have to get all of the other traffic as well. Snort is
> > good for all around stuff.
>
> portsentry is great, not least because it's free...
>
> http://www.psionic.com/abacus/portsentry/
>
> It is easy to install, configure and run. I like to
> set it up to create a 'blackhole' route for any IP
> address that is the source of a scan. It can also be
> configured to send email and to run whatever scripts
> and programs of your choosing when whatever scanning
> activity is detected (the use of retaliatory scripts
> and programs is, of course, discouraged).
>
> It also works well with a firewall, was, in fact,
> designed to do just that.
>
> We use it at work, too, and it's quite amusing when a
> *customer* calls up wondering why they can't get to
> their website and they are asked if they have port
> scanned the machine their site is on. [=^J
>
> Erin  8)