 From:  "Tracy Phillips" <tracy dot phillips at weberize dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  PorSentry Feedback
 Date:  Wed, 22 Oct 2003 11:15:25 -0500
Hi,

I would like to know what the list would think about implementing portsentry
into m0n0wall?

http://www.freebsddiary.org/portsentry.php

Psionic was purchased by Cisco so the link referenced in the article above
will lead you to Cisco.

This is from the readme of portsentry:

PortSentry is part of the Abacus Project suite of tools. The Abacus
Project is an initiative to release low-maintenance, generic, and reliable
host based intrusion detection software to the Internet community. More
information can be obtained from http://www.psionic.com.

PortSentry has a number of options to detect port scans, when it finds one it
can react in the following ways:

    - A log indicating the incident is made via syslog()
    - The target host is automatically dropped into /etc/hosts.deny
      for TCP Wrappers
    - The local host is automatically re-configured to route all
      traffic to the target to a dead host to make the target system
      disappear.
    - The local host is automatically re-configured to drop all
      packets from the target via a local packet filter.

The purpose of this is to give an admin a heads up that their host is
being probed. There are similar programs that do this already (klaxon,
etc.) We have added a little twist to the whole idea (auto-blocking), plus
extensive support for stealth scan detection.

--

I think this would be a great tool to be implemented on a firewall
(obviously Cisco does as well). It's a fairly lightweight program so it
should not take up much room.

I would like to get some feedback on the subject

Tracy Phillips