On Tue, 07.02.2006 at 18:10, Troy Engel wrote:
I might throw this out -- I also offer RPMs for RHEL4, FC4, and CentOS4 (i386) of portsentry; look here:
http://rpmfind.net/linux/rpm2html/search.php?query=portsentry&submit=Sea......
...look for 'Falsehope' towards the middle, all my RPMs are tagged with .te.; I install portsentry on any server that exposes a service through a firewall (or no firewall at all), and it catches a *lot* of stuff for you.
Portsentry's ability to catch a portscan right away and block the IP can help save you in the long run. I have no idea why it's not in the official upstream sources anymore, it disappeared a couple of versions ago.
-te
portsentry is just a dead software project (since Cisco bought the company where it was developed). Check out "psad":
http://www.cipherdyne.com/psad/
and see the FAQ part
http://www.cipherdyne.com/projects/psad/faq.html#diff_portsentry
With all these tools: be careful when using them on remote-only systems not to lock yourself out by accident or get locked out by an attacker spoofing your own data.
Alexander