August 12, 2008

psad: Linux Detect And Block Port Scan Attacks In Real Time

Author: JT Smith

A port scanner (such as nmap) is a piece of software designed to search a network host for open ports. Cracker can use nmap to scan your network before starting attack. You can always see scan patterns by visiting /var/log/messages. But, I recommend the automated tool called psad - the port scan attack detector under Linux which is a collection of lightweight system daemons that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic.

Link: cyberciti.biz

Category:

  • Linux
Click Here!