ITP: portsentry
This is my Intent to Package 'portsentry', an anti port-scanning
daemon that watches for common scanning patterns and allows the
sysadmin to do any of the following:
1) run a script to alert the sysadmin of the source IP and port the scan
came from, and/or
2) add an ipchains rule to drop ALL traffic from that IP in the future,
including ICMP (nice!) and/or
3) add a route sending all traffic from the incoming IP to a nonexistant
host (if 2 is undesirable for some reason)
I've written a small Perl script to perform step 1) and mail the
admin with the IP and port, and will include it in the package.
Anyone think I shouldn't package it up? :) Speak up now..
Ben
--
Brought to you by the letters R and B and the number 17.
"Porcoga daisuki!"
Debian GNU/Linux maintainer of Gimp and GTK+ -- http://www.debian.org/
Reply to: