Will portsentry automatically add the blackhole route?
I'd rather manually add it, because sometimes I run portscans and even
attacks on my own machines to check for vulnerabilities.
Also, are there any security mailing lists I should be on? I just signed up
for the Debian security announcements and discussion list.
- Kath
> On Sat, Apr 21, 2001 at 11:43:19PM -0700, Nicole Zimmerman wrote:
> > You might also check out 'portsentry': it looks for port scans on
> > ports so you don't have to get all of the other traffic as well. Snort
> > is good for all around stuff.
> portsentry is great, not least because it's free...
> http://www.psionic.com/abacus/portsentry/
> It is easy to install, configure and run. I like to
> set it up to create a 'blackhole' route for any IP
> address that is the source of a scan. It can also be
> configured to send email and to run whatever scripts
> and programs of your choosing when whatever scanning
> activity is detected (the use of retaliatory scripts
> and programs is, of course, discouraged).
> It also works well with a firewall, was, in fact,
> designed to do just that.
> We use it at work, too, and it's quite amusing when a
> *customer* calls up wondering why they can't get to
> their website and they are asked if they have port
> scanned the machine their site is on. [=^J
> Erin 8)
