Portsentry has to be explicitly told which ports to monitor. It actually makes the machine listen on those ports in order to monitor them. The problem with running things like portsentry is that you can DoS a portsentry host by spoofing source IP addresses to make the host block those IPs. For instance, if I know you're running portsentry, I'll spoof your ISP's DNS servers and get myself blocked, thereby killing your ability to do DNS lookups.
On Tue, 2004-07-20 at 14:03, Wade wrote:
> Anybody know of a good "live" portscan monitor?
> Not looking for one that looks at logs.
> I've tried portsentry and like the way it can add an iptable rule but it
> doesn't catch them all for some reason.
> Any suggestions?
>
> Wade
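
The failure mode described in the reply above (an auto-blocker tricked into blocking the host's own DNS servers) is usually limited by checking every source against a never-block list before adding a rule. The following is an added example, not part of the original message and not portsentry's own code; the function names, the sample resolv.conf text and the gateway address are constructed for illustration.

```python
import ipaddress

# Constructed sample input: resolv.conf contents and a default gateway.
SAMPLE_RESOLV_CONF = """\
# constructed example
search example.net
nameserver 192.0.2.53
nameserver 2001:db8::53
"""
SAMPLE_GATEWAY = "198.51.100.1"


def protected_networks(resolv_conf_text, extra=()):
    """Build the never-block list: loopback, configured resolvers, extra hosts."""
    nets = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
    for line in resolv_conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                nets.append(ipaddress.ip_network(parts[1]))
            except ValueError:
                continue  # ignore entries that are not plain IP addresses
    nets.extend(ipaddress.ip_network(e) for e in extra)
    return nets


def block_decision(source, protected):
    """Return ("block" | "skip", reason) for a source reported by the monitor."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return ("skip", "unparseable address")
    for net in protected:
        # Compare only within the same IP version.
        if addr.version == net.version and addr in net:
            return ("skip", f"protected by {net}")
    return ("block", "not on never-block list")


if __name__ == "__main__":
    protected = protected_networks(SAMPLE_RESOLV_CONF, extra=[SAMPLE_GATEWAY])
    for src in ("192.0.2.53", "203.0.113.7", "198.51.100.1"):
        print(src, *block_decision(src, protected))
```

A never-block list only protects the addresses on it; any other spoofed source can still be blocked, so automatic blocks are best paired with an expiry.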
