Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    using portsentry to run zenmap against attacker on detected portscan

    Hi all.
    I'm trying to configure port sentry so that one someone port scans me. It runs zenmap and runs a scan against far I have made these changes to the config file.
    set it to run a command when it detects a scan.
    # 0 = Do not block UDP/TCP scans.
    # 1 = Block UDP/TCP scans.
    # 2 = Run external command only (KILL_RUN_CMD)
    and set the command to run zenmap
    KILL_RUN_CMD="sudo zenmap -p intense_scan,_no_ping -t $TARGET$"
    but when I scan the computer with port sentry on it from another computer nothing happens.
    btw I'm running ubuntu 11.04 if that helps any.
    Thanks, Waffer

  2. #2
    Just Joined!
    Join Date
    Aug 2009
    Quote Originally Posted by waffer View Post
    I'm trying to configure port sentry
    What on Earth suggested you to use Port Sentry? It was abandoned by the owner ages ago, bought up by another company and spat out again. It's unmaintained, deprecated and inaccurate. Besides that your idea of running a nmap scan against remote hosts is only superficially entertaining and 0) some jurisdictions don't take lightly to scanning remote hosts, 1) the remote host may be an innocent proxy for the actual attacker and 2) you accomplish absolutely nothing positive by scanning remote hosts in terms of host security...

  3. #3
    Scanning it would make you the attacker. Why not just deny them in iptables?

  4. $spacer_open

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts