Hmm. I better not use portsentry then. Didn't think of that Tim. :( Maybe I can just use a log scanner and write a cron script to work with it and iptables together.
Tim Fournet wrote: >Portsentry has to be explicitly told which ports to monitor. It actually >makes the machine listen on those ports in order to monitor them. The >problem with running things like portsentry is that you can DoS a >portsentry host by spoofing source IP addresses to make the host block >those IPs. For instance, if I know you're running portsentry, I'll spoof >your ISP's DNS servers and get myself blocked, thereby killing your >ability to do DNS lookups. > >On Tue, 2004-07-20 at 14:03, Wade wrote: > > >>Anybody know of a good "live" portscan monitor? >>Not looking for one that looks at logs. >>I've tired portsentry and like the way it can add a iptable rule but it >>doesn't catch them all for some reason. >>Any suggestions? >> >>Wade >> >>_______________________________________________ >>General mailing list >>[email protected] >>http://brlug.net/mailman/listinfo/general_brlug.net >> >> > > >_______________________________________________ >General mailing list >[email protected] >http://brlug.net/mailman/listinfo/general_brlug.net > >
