---

---

Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 169 · portsentry -sudp ("Stealth" UDP scan detection) · portsentry -audp (Advanced "Stealth" UDP scan detection) In my case I prefer to start TCP in “Advanced TCP stealth scan detection” protocol mode type and UDP in "Stealth UDP scan detection” protocol mode type. For information about the other protocol mode type, please refer to the “README.install” and “README.stealth” file under the PortSentry source directory. For TCP mode I choose: -atcp - Advanced TCP stealth scan detection mode With the Advanced TCP stealth scan detection mode “-atcp” protocol mode type, PortSentry will first check to see what ports you have running on your server, then remove these ports from monitoring and will begin watching the remaining ports. This is very powerful and reacts exceedingly fast for port scanners. It also uses very little CPU time. For UDP mode I choose: -sudp - "Stealth" UDP scan detection mode With the Stealth" UDP scan detection mode “-sudp” protocol mode type, the UDP ports will be listed and then monitored. · To start PortSentry in the two modes selected above, use the commands: [root@deep /]#  /usr/psionic/portsentry/portsentry -atcp [root@deep /]#  /usr/psionic/portsentry/portsentry -sudp NOTE: You can add the above lines to your “/etc/rc.d/rc.local” script file and  PortSentry software will be automatically started if you reboot your system. Installed files > /usr/psionic > /usr/psionic/portsentry > /usr/psionic/portsentry/portsentry.conf > /usr/psionic/portsentry/portsentry.ignore > /usr/psionic/portsentry/portsentry