Hi,

I would like to know what the list would think about implementing portsentry into m0n0wall?

http://www.freebsddiary.org/portsentry.php

Psionic was purchased by Cisco so the link referenced in the article above will lead you to Cisco.

This is from the readme of portsentry:

PortSentry is part of the Abacus Project suite of tools. The Abacus Project is an initiative to release low-maintenance, generic, and reliable host based intrusion detection software to the Internet community. More information can be obtained from http://www.psionic.com.

PortSentry has a number of options to detect port scans, when it finds one it can react in the following ways:

- A log indicating the incident is made via syslog()
- The target host is automatically dropped into /etc/hosts.deny for TCP Wrappers
- The local host is automatically re-configured to route all traffic to the target to a dead host to make the target system disappear.
- The local host is automatically re-configured to drop all packets from the target via a local packet filter.

The purpose of this is to give an admin a heads up that their host is being probed. There are similar programs that do this already (klaxon, etc.) We have added a little twist to the whole idea (auto-blocking), plus extensive support for stealth scan detection.

--

I think this would be a great tool to be implemented on a firewall (obviously Cisco does as well). It's a fairly lightweight program so it should not take up much room.

I would like to get some feedback on the subject.

Tracy Phillips