Re: iptables Timed Port Block?

From: Tantor (tantor@tantor1.yi.org)
Date: 02/27/03


From: "Tantor" <tantor@tantor1.yi.org>
Date: Thu, 27 Feb 2003 19:25:07 GMT

Right on, thanks, I'll check it out.

"Steve Webster" <swebstenospamr@bignospampond.net.au> wrote in message
news:3E5E60FA.1080000@bignospampond.net.au...
> Tantor wrote:
>
> [snip]
> > What I want to be able to do is open port 21 and as soon as a computer scans
> > that port I want something that reads its IP and drops all further packets
> > from that person for x amount of time. Since nothing is using port 21, if
> > something does scan it then I have to assume that it's for an attack of
> > some kind, so I figure it would be a good idea to just block everything from
> > that IP for a while.
> >
>
> This sounds like what Portsentry is supposed to do. It used to be
> available from <http://www.psionic.com> according to Google, but I don't
> know if that's still the case. According to
> <http://packages.debian.org/unstable/net/portsentry.html>, "PortSentry
> has the ability to detect portscans (including stealth scans) on the
> network interfaces of your machine. Upon alarm it can block the attacker
> via hosts.deny, dropped route or firewall rule. It is part of the Abacus
> program suite".
>
> There's an intro article at:
> <http://www.bsdtoday.com/2000/July/Features233.html>
>
> --
> Steve Webster
> Remove the 'nospam's to get my email address.
>
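
The timed block described in the quoted question can also be written directly as iptables rules using the `recent` match. This is an added example, not part of the original thread and not how PortSentry works. It assumes the `recent` match is available on the host; the function name, the list name `decoy21` and the 600-second duration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules that drop all
# traffic from any source that touches an unused "decoy" port, for a fixed time.
# Assumption: the iptables "recent" match is available on this host.

# timed_block_rules PORT SECONDS [LIST]   (hypothetical helper name)
# Prints the rules instead of applying them, so they can be reviewed first.
timed_block_rules() {
    port=$1
    secs=$2
    list=${3:-decoy$1}

    # Reject anything that is not a plain number or a simple list name.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    case $secs in ''|*[!0-9]*) echo "bad seconds: $secs" >&2; return 1 ;; esac
    case $list in ''|*[!A-Za-z0-9_]*) echo "bad list: $list" >&2; return 1 ;; esac
    if ! [ "$port" -ge 1 ] || ! [ "$port" -le 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    if ! [ "$secs" -ge 1 ]; then
        echo "seconds must be positive: $secs" >&2; return 1
    fi

    # Rule 1: a source recorded on the list within the last SECONDS seconds
    # has every packet dropped. --rcheck does not refresh the timestamp, so
    # the block ends SECONDS after the last hit on the decoy port (--update
    # would instead extend it for as long as the source keeps sending).
    echo "iptables -I INPUT 1 -m recent --name $list --rcheck --seconds $secs -j DROP"

    # Rule 2: any TCP packet to the decoy port records its source address on
    # the list and is dropped. Nothing legitimate listens on this port.
    echo "iptables -I INPUT 2 -p tcp --dport $port -m recent --name $list --set -j DROP"
}

# Values from the question: port 21, with "x" chosen here as 600 seconds.
timed_block_rules 21 600
```

Because one packet to the decoy port is enough to list its source address, and that address can be forged, place an ACCEPT rule for addresses that must never be blocked ahead of these two rules.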