Firewalls help us protect our network from unsolicited intrusions. With them we can choose which ports we want open and which ones we don't. This information is kept private by your organization and is the responsibility of the individuals associated with it. Nobody from the outside implicitly knows this information, but attackers, as well as spammers, know that for some kinds of attacks you can use a special program to scan all the ports on a server to glean this valuable information, i.e. what is open and what is not.
A port scan is a symptom of a larger problem coming your way. It is often the precursor to an attack and is a critical piece of information for properly defending your information resources. PortSentry is a program designed to detect and respond to port scans against a target host in real time, and it has a number of options for detecting port scans. When it finds one it can react in the following ways:
A log entry indicating the incident is made via syslog().
The scanning host is automatically added to /etc/hosts.deny for TCP Wrappers.
The local host is automatically re-configured to route all traffic for the scanning host to a dead host, so that the protected system disappears from the scanner's view.
The local host is automatically re-configured to drop all packets from the scanning host via a local packet filter.
The purpose of this is to give an admin a heads up that their host is being probed.
1. Log in as root and run the following commands
2. mkdir /root/download
3. cd /root/download
4. wget -O portsentry-1.2.tar.gz http://sourceforge.net/projects/sentrytools/files/portsentry%201.x/portsentry-1.2/portsentry-1.2.tar.gz/download
5. tar xvfz portsentry-1.2.tar.gz
6. cd portsentry_beta/
8. make install
Edit /etc/portsentry/portsentry.conf and specify the ports you want portsentry to protect:
# Un-comment these if you are really anal:
# Use these if you just want to be aware:
# Use these for just bare-bones
The ports listed should be ones that are not in use on the system. E.g., if you use IMAP (port 143 TCP) on the server, you should remove 143 from the list above. The rest of portsentry.conf is well commented, and normally the default values should work.
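One way to check the "not in use" rule before starting PortSentry, as an added example that is not from the original page or the PortSentry project: the script reads the TCP_PORTS and UDP_PORTS lines of portsentry.conf and reports every listed port that already has a listener. The function names are hypothetical, and it assumes the iproute2 `ss` tool is installed.

```shell
#!/bin/sh
# Added example: report ports that portsentry.conf tells PortSentry to watch
# although a real service is already listening on them.

# Print the ports of an active (uncommented) KEY="a,b,c" line, one per line.
# $1 = TCP_PORTS or UDP_PORTS, $2 = path to portsentry.conf
conf_ports() {
    sed -n "s/^[[:space:]]*$1=\"\\([0-9,[:space:]]*\\)\".*/\\1/p" "$2" |
        tr ',' '\n' | tr -d ' \t' | grep -E '^[0-9]+$' | sort -un
}

# Read `ss -Hltn` or `ss -Hlun` output on stdin and print the local ports.
# The local address is the first field containing ':' (covers [::]:22 too).
ss_ports() {
    awk '{ for (i = 1; i <= NF; i++) if (index($i, ":")) {
               n = split($i, a, ":"); print a[n]; break } }' |
        grep -E '^[0-9]+$' | sort -un
}

# Print every watched port that is also listening.
# $1 = key, $2 = conf path, stdin = ss output for the matching protocol
conflicts() {
    watched=$(conf_ports "$1" "$2")
    ss_ports | while read -r port; do
        if printf '%s\n' "$watched" | grep -qxF "$port"; then
            echo "$port"
        fi
    done
}

# Run against the live system when the config and ss are both available.
PS_CONF=/etc/portsentry/portsentry.conf
if [ -r "$PS_CONF" ] && command -v ss >/dev/null 2>&1; then
    ss -Hltn | conflicts TCP_PORTS "$PS_CONF" | sed 's/^/remove from TCP_PORTS: /'
    ss -Hlun | conflicts UDP_PORTS "$PS_CONF" | sed 's/^/remove from UDP_PORTS: /'
fi
```

Any port it prints belongs to a running service and should be taken out of the corresponding list, as with the IMAP example above.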
9. To launch portsentry