IBM developerWorks : Linux : Education - Tutorials
LPI certification 102 exam prep, Part 3
4. Security overview
  


Intrusion detection - portsentry


The PortSentry package from Psionic Technologies is actually a bit of a cross between intrusion prevention and detection. It watches your network connection, and if it sees any attempts to connect to your system that it deems "suspicious," it logs the event and then blocks the offending host so it cannot connect again. It, too, can be found in Resources at the end of this tutorial.

When you have it installed and running, you will be able to see any attempted connections and how PortSentry responded to them in your syslog:


# tail /var/log/messages
Oct 15 00:21:24 mycroft portsentry[603]: attackalert:
  SYN/Normal scan from host: 302.174.40.34/302.174.40.34 to TCP port: 111
Oct 15 00:21:24 mycroft portsentry[603]: attackalert:
  Host 302.174.40.34  has  been  blocked  via wrappers with string: 
  "ALL: 302.174.40.34"
Oct 15 00:21:24 mycroft portsentry[603]: attackalert:
  Host 302.174.40.34 has been blocked via dropped route using command:
  "/sbin/route add -host 302.174.40.34 reject" 
Oct 15 00:21:24 mycroft portsentry[603]: attackalert:
  SYN/Normal scan from host: 302.174.40.34/302.174.40.34 to TCP port: 111
Oct 15 00:21:24 mycroft portsentry[603]: attackalert:
  Host: 302.174.40.34/302.174.40.34 is already blocked Ignoring 
Oct 15 00:33:59 mycroft portsentry[603]: attackalert:
  SYN/Normal scan from host: 302.106.103.19/302.106.103.19 to TCP port: 111
Oct 15 00:33:59 mycroft portsentry[603]: attackalert:
  Host 302.106.103.19 has been blocked via wrappers with string:
  "ALL: 302.106.103.19"
Oct 15 00:33:59 mycroft portsentry[603]: attackalert:
  Host 302.106.103.19 has been blocked via dropped route using command:
  "/sbin/route add -host 302.106.103.19 reject"

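To review these alerts in bulk rather than by eye, the following added example (not part of the original tutorial or of PortSentry) parses attackalert records in the layout shown above and lists, per host, the ports probed and the block actions logged. The function names are hypothetical, the sample log is constructed, and host addresses are treated as opaque strings.

```python
import re
from collections import defaultdict

# Constructed sample in the page's wrapped layout; addresses are placeholders.
SAMPLE = '''\
Oct 15 00:21:24 mycroft portsentry[603]: attackalert:
  SYN/Normal scan from host: 192.0.2.10/192.0.2.10 to TCP port: 111
Oct 15 00:21:24 mycroft portsentry[603]: attackalert:
  Host 192.0.2.10  has  been  blocked  via wrappers with string:
  "ALL: 192.0.2.10"
Oct 15 00:21:24 mycroft portsentry[603]: attackalert:
  Host 192.0.2.10 has been blocked via dropped route using command:
  "/sbin/route add -host 192.0.2.10 reject"
Oct 15 00:21:25 mycroft portsentry[603]: attackalert:
  SYN/Normal scan from host: 192.0.2.10/192.0.2.10 to TCP port: 23
Oct 15 00:21:25 mycroft portsentry[603]: attackalert:
  Host: 192.0.2.10/192.0.2.10 is already blocked Ignoring
Oct 15 00:40:02 mycroft portsentry[603]: attackalert:
  SYN/Normal scan from host: 198.51.100.7/198.51.100.7 to TCP port: 111
'''

SCAN = re.compile(r"scan from host: (\S+?)/\S+ to (TCP|UDP) port: (\d+)")
BLOCK = re.compile(r"Host (\S+) has been blocked via (wrappers|dropped route)")

def alerts(text):
    """Join indented continuation lines onto their record; keep portsentry ones."""
    records = []
    for line in text.splitlines():
        if line[:1].isspace() and records:
            records[-1] += " " + line.strip()
        elif line.strip():
            records.append(line.strip())
    # Collapse the padded spacing that some alerts contain.
    return [" ".join(r.split()) for r in records if "portsentry[" in r]

def summarize(text):
    """Per host: ports probed and the block actions PortSentry logged."""
    hosts = defaultdict(lambda: {"ports": set(), "blocked_via": set()})
    for rec in alerts(text):
        if m := SCAN.search(rec):
            hosts[m.group(1)]["ports"].add((m.group(2), int(m.group(3))))
        elif m := BLOCK.search(rec):
            hosts[m.group(1)]["blocked_via"].add(m.group(2))
    return dict(hosts)

def unblocked(summary):
    """Hosts with a scan alert but no logged block action: check these by hand."""
    return sorted(h for h, v in summary.items() if v["ports"] and not v["blocked_via"])

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s, "no block logged:", unblocked(s))
```

A host that appears in the last list was seen scanning but has neither a wrappers nor a dropped-route entry in the log, so it is the one to verify manually.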