Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




14.7. Test fire your PortSentry

The PortSentry program can be configured in six different modes of operation, but be aware that only one protocol mode type can be started at a time. To be more accurate, you can start one TCP mode and one UDP mode, so two TCP modes and one UDP modes, for example, doesn't work. The available modes are:

portsentry -tcp

basic port-bound TCP mode

portsentry -udp

basic port-bound UDP mode

portsentry -stcp

Stealth TCP scan detection

portsentry -atcp

Advanced TCP stealth scan detection

portsentry -sudp

Stealth UDP scan detection

portsentry -audp

Advanced Stealth UDP scan detection

In my case I prefer to start TCP in Advanced TCP stealth scan detection protocol mode and UDP in Stealth UDP scan detection protocol mode. For information about the other protocol modes, please refer to the README.install and README.stealth file under the PortSentry source directory. For TCP mode I choose:


Advanced TCP stealth scan detection mode

With the Advanced TCP stealth scan detection mode -atcp protocol mode type, PortSentry will first check to see what ports you have running on your server, then remove these ports from monitoring and will begin watching the remaining ports. This is very powerful and reacts exceedingly quickly for port scanners. It also uses very little CPU time.

For UDP mode I choose:


Stealth UDP scan detection mode

With the Stealth UDP scan detection mode -sudp protocol mode type, the UDP ports will be listed and then monitored.

To start PortSentry in the two modes selected above, use the commands:
         [root@deep] /#  /usr/psionic/portsentry/portsentry -atcp
         [root@deep] /#  /usr/psionic/portsentry/portsentry -sudp

Tip: You can add the above lines to your /etc/rc.d/rc.local script file and PortSentry software will be automatically started if you reboot your system.

These are the files Installed by Portsentry on your system:


  Published under the terms of the Open Publication License Design by Interspire