On Thu, Mar 22, 2001 at 10:20:42AM +0100, Frédéric de Villamil wrote:
> Hi dude
> just try porsentry, it's a nice scan detector
> but be carefull: if you use portsentry and nmap your owncomputer, you'll find
> numerous ports open you don't use the services as portsentry watch many ports
> by default
> have fun
> fred
>
Portsentry is a nice start, but it misses a lot of stuff. Snort is much
better, but is more work to configure.
Big problem with portsentry is that it binds to the ports, and makes it
appear that a particular exploit might be running on your machine, this
is like blood in the water to the dumber variety of script kiddies. (the
vaguely smarter ones figure out that an ip with a dozen backdoor
exploits is probably not really running them)
--
Jim Richardson
Anarchist, pagan and proud of it
WWW.eskimo.com/~warlock
Linux, because life's too short for a buggy OS.
