14.7. Test fire your PortSentry

The PortSentry program can be configured in six different modes of operation, but be aware that only one protocol mode type can be started at a time. More precisely, you can start one TCP mode and one UDP mode together; starting two TCP modes and one UDP mode, for example, does not work. The available modes are:

portsentry -tcp     Basic port-bound TCP mode
portsentry -udp     Basic port-bound UDP mode
portsentry -stcp    Stealth TCP scan detection
portsentry -atcp    Advanced TCP stealth scan detection
portsentry -sudp    Stealth UDP scan detection
portsentry -audp    Advanced Stealth UDP scan detection

In my case I prefer to start TCP in Advanced TCP stealth scan detection mode and UDP in Stealth UDP scan detection mode. For information about the other protocol modes, please refer to the README.install and README.stealth files under the PortSentry source directory. For TCP mode I choose:

-atcp

Advanced TCP stealth scan detection mode

With the Advanced TCP stealth scan detection mode (-atcp), PortSentry first checks which ports are in use on your server, removes those ports from monitoring, and then begins watching the remaining ports. This is very powerful and reacts exceedingly quickly to port scanners. It also uses very little CPU time.

For UDP mode I choose:

-sudp

Stealth UDP scan detection mode

With the Stealth UDP scan detection mode (-sudp), the UDP ports will be listed and then monitored.

To start PortSentry in the two modes selected above, use the commands:
         [root@deep] /#  /usr/psionic/portsentry/portsentry -atcp
         [root@deep] /#  /usr/psionic/portsentry/portsentry -sudp
         

Tip: You can add the above lines to your /etc/rc.d/rc.local script file, and PortSentry will be started automatically when you reboot your system.
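The following is an added example, not part of the original guide or of PortSentry: a small wrapper for rc.local that enforces the one-TCP-mode, one-UDP-mode rule described above before launching anything. The function names check_modes and start_portsentry are hypothetical; the binary path and mode flags are the ones used on this page.

```shell
#!/bin/sh
# Added example (not shipped with PortSentry): validate the chosen modes,
# then start one PortSentry process per mode.
PORTSENTRY=${PORTSENTRY:-/usr/psionic/portsentry/portsentry}

# check_modes MODE...
# Returns 0 when every argument is a known mode flag and the list holds
# at most one TCP mode and at most one UDP mode.
# Returns 1 on a TCP/UDP conflict, 2 on an unknown flag or an empty list.
check_modes() {
    tcp=0
    udp=0
    for mode in "$@"; do
        case "$mode" in
            -tcp|-stcp|-atcp) tcp=$((tcp + 1)) ;;
            -udp|-sudp|-audp) udp=$((udp + 1)) ;;
            *) echo "unknown PortSentry mode: $mode" >&2; return 2 ;;
        esac
    done
    if [ "$tcp" -gt 1 ] || [ "$udp" -gt 1 ]; then
        echo "only one TCP mode and one UDP mode can be started" >&2
        return 1
    fi
    if [ $((tcp + udp)) -eq 0 ]; then
        echo "no PortSentry mode given" >&2
        return 2
    fi
    return 0
}

# start_portsentry MODE...
# Refuses to launch anything if the mode list is invalid (so a typo in
# rc.local does not leave the host half-monitored), then runs the binary
# once per mode, in the order given.
# Returns 3 if the binary is missing, 4 if a launch fails.
start_portsentry() {
    check_modes "$@" || return $?
    if [ ! -x "$PORTSENTRY" ]; then
        echo "$PORTSENTRY not found or not executable" >&2
        return 3
    fi
    for mode in "$@"; do
        "$PORTSENTRY" "$mode" || return 4
    done
}

# In /etc/rc.d/rc.local, after the definitions above:
#   start_portsentry -atcp -sudp
```
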

These are the files installed by PortSentry on your system:

/usr/psionic
/usr/psionic/portsentry
/usr/psionic/portsentry/portsentry.conf
/usr/psionic/portsentry/portsentry.ignore
/usr/psionic/portsentry/portsentry

 
 
Published under the terms of the Open Publication License