Securing-Optimizing-RH-Linux-1_2_169
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
· portsentry -sudp ("Stealth" UDP scan detection)
· portsentry -audp (Advanced "Stealth" UDP scan detection)
In my case I prefer to start TCP in Advanced TCP stealth scan detection mode and UDP in
"Stealth" UDP scan detection mode. For information about the other protocol modes, please
refer to the README.install and README.stealth files under the PortSentry source directory.
For TCP mode I choose:
-atcp - Advanced TCP stealth scan detection mode
With the Advanced TCP stealth scan detection mode (-atcp), PortSentry will first check to
see what ports you have running on your server, then remove these ports from monitoring and
begin watching the remaining ports. This is very powerful and reacts exceedingly fast to
port scanners. It also uses very little CPU time.
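A way to preview which ports -atcp mode will leave unmonitored, as an added example that is not from the book or from PortSentry itself: it reads `netstat -ltn` style output and lists the bound TCP ports inside the watched range. The sample listing is constructed, and the range limit of 1023 and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: model of the "remove ports in use, watch the rest" step.
# Constructed sample of `netstat -ltn` output (not taken from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN'

# listening_ports: read netstat -ltn text on stdin, print unique ports sorted.
# The port is the last ":"-separated piece of the local address, which also
# handles IPv6 forms such as :::22.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -n -u
}

# skipped_ports MAX: bound ports at or below MAX. These are the ports a
# scan probe can hit without PortSentry reacting, because a real service
# already owns them.
skipped_ports() {
    listening_ports | awk -v max="$1" '$1 + 0 <= max + 0'
}

# watched_count MAX: how many ports in 1..MAX remain under watch.
# MAX is an assumed range limit supplied by the caller.
watched_count() {
    skipped=$(skipped_ports "$1" | wc -l)
    echo $(( $1 - skipped ))
}

# On a live system, replace the sample with:  netstat -ltn | skipped_ports 1023
printf '%s\n' "$SAMPLE_NETSTAT" | skipped_ports 1023
```

Ports printed by skipped_ports must be protected by other means (packet filtering, TCP wrappers), since PortSentry does not watch them in this mode.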
For UDP mode I choose:
-sudp - "Stealth" UDP scan detection mode
With the "Stealth" UDP scan detection mode (-sudp), the UDP ports will be listed and then
monitored.
· To start PortSentry in the two modes selected above, use the commands:
[root@deep /]# /usr/psionic/portsentry/portsentry -atcp
[root@deep /]# /usr/psionic/portsentry/portsentry -sudp
NOTE: You can add the above lines to your /etc/rc.d/rc.local script file and PortSentry
will be started automatically when you reboot your system.
Installed files
> /usr/psionic
> /usr/psionic/portsentry
> /usr/psionic/portsentry/portsentry.conf
> /usr/psionic/portsentry/portsentry.ignore
> /usr/psionic/portsentry/portsentry