Preventing malicious port scanning on CentOS with PortSentry

Source: Internet
Author: User

Port security is very important for servers. When a server runs many services and exposes them externally, PortSentry can be used to hinder malicious probing of which services the server is running.

PortSentry lets you specify the TCP/UDP ports it listens on. When a scan occurs, the listener responds as if the port were open and records the scanner's information so that it can be handled accordingly: firewall blocking, route targeting, or execution of a custom script.

 

Lab environment

CentOS 5.8

 

Lab software

gcc-c++

portsentry-1.2.tar.gz

 

Software Installation

yum install -y gcc-c++

tar zxvf portsentry-1.2.tar.gz

cd portsentry_beta/

vim portsentry.c

Line 1584: printf ("Copyright 1997-2003 Craig H. Rowland \n"); This statement must be on a single line. If it wraps onto the next line, compilation fails, so join the two lines before building.

make linux

make install

 

vim /usr/local/psionic/portsentry.conf

#TCP_PORTS="109,110,111,119,138,139,143,512,513,514,515,540,635,108,54320"

#UDP_PORTS="69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,204,32,770,327"

These two lines define which TCP and UDP ports are monitored.

Line 83: IGNORE_FILE="/usr/local/psionic/portsentry.ignore"

This line defines the file listing the IP addresses that are ignored, that is, never denied.

Line 87: BLOCKED_FILE="/usr/local/psionic/portsentry.blocked"

This line defines the file that records the IP addresses that have been blocked.

 

 

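Line 132: BLOCK_UDP="1"

Line 133: BLOCK_TCP="1"

These two settings choose the response to a scanning IP address: 0 means no action, 1 means firewall blocking, and 2 means script execution.

Line 211: KILL_ROUTE="/sbin/ipfw add 1 deny all from $TARGET$:255.255.255.255 to any"

This line defines the firewall blocking command. The command shown is in ipfw syntax; on CentOS the blocking is done with iptables.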
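As a check to run before starting the daemon, the following added example (not part of the original article and not PortSentry code) lints a portsentry.conf fragment for the settings above: lines not in KEY="value" form such as a missing closing quote, invalid or duplicate ports, monitored ports that collide with ports where a real service already listens, and BLOCK_TCP/BLOCK_UDP values outside 0/1/2. The strict line format, the function names and the real_tcp_ports input are assumptions of this example.

```python
import re

# Constructed sample (not a full portsentry.conf); last line lacks its closing quote on purpose.
SAMPLE_CONF = '''\
#TCP_PORTS="1,11,15,79,111,119,143,540,635,1080"
TCP_PORTS="1,11,15,22,79,80,111,119,143,540,635,1080,54320,54320"
UDP_PORTS="69,111,137,138,161,162,513,635,70000"
BLOCK_UDP="1"
BLOCK_TCP="1
'''

# Meaning of BLOCK_TCP / BLOCK_UDP as given in the article.
BLOCK_ACTIONS = {"0": "no action", "1": "firewall blocking", "2": "script execution"}
LINE_RE = re.compile(r'^([A-Z_]+)="([^"]*)"$')  # strict KEY="value" (assumed lint rule)


def parse_conf(text):
    """Return (settings, problems); comment and blank lines are skipped."""
    settings, problems = {}, []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        match = LINE_RE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
        elif line and not line.startswith("#"):
            problems.append(f'line {number}: expected KEY="value", got {line}')
    return settings, problems


def audit(text, real_tcp_ports=frozenset()):
    """Lint port lists and block settings; real_tcp_ports = ports of real daemons."""
    settings, findings = parse_conf(text)
    for key in ("TCP_PORTS", "UDP_PORTS"):
        ports = [p.strip() for p in settings.get(key, "").split(",") if p.strip()]
        bad = [p for p in ports if not (p.isdecimal() and 1 <= int(p) <= 65535)]
        good = [int(p) for p in ports if p not in bad]
        dupes = sorted({p for p in good if good.count(p) > 1})
        clash = sorted(set(good) & set(real_tcp_ports)) if key == "TCP_PORTS" else []
        for label, items in (("invalid", bad), ("duplicate", dupes),
                             ("already used by a real service", clash)):
            if items:
                findings.append(f"{key}: {label}: {items}")
    for key in ("BLOCK_TCP", "BLOCK_UDP"):
        if settings.get(key) not in BLOCK_ACTIONS:
            findings.append(f"{key}: missing or not one of 0/1/2")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, real_tcp_ports={22, 80}):
        print(finding)
```

A port already bound by a real daemon cannot also be bound by the listener in the basic binding modes, which is why the collision check takes the real service ports as input.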

 

 

/usr/local/psionic/portsentry -tcp: basic TCP port binding; the ports set in the configuration file are used.

/usr/local/psionic/portsentry -udp: basic UDP port binding; the ports set in the configuration file are used.

/usr/local/psionic/portsentry -stcp: TCP stealth detection; only records the scan and does not respond as an open port.

/usr/local/psionic/portsentry -sudp: UDP stealth detection; only records the scan and does not respond as an open port.

/usr/local/psionic/portsentry -atcp: advanced TCP stealth detection; automatically selects the ports to listen on.

/usr/local/psionic/portsentry -audp: advanced UDP stealth detection; automatically selects the ports to listen on.

 

Verify

 

nmap -sS www.2cto.com
Starting Nmap 4.11 (http://www.insecure.org/nmap/) at CST
Interesting ports on typecho.domain.com (192.168.1.2):
Not shown: 1654 closed ports
PORT STATE SERVICE
1/tcp open tcpmux
11/tcp open protocol
15/tcp open netstat
22/tcp open ssh
79/tcp open finger
80/tcp open http
111/tcp open rpcbind
119/tcp open nntp
143/tcp open imap
443/tcp open https
540/tcp open uucp
635/tcp open unknown
1080/tcp open socks
1524/tcp open ingreslocks
2000/tcp open callbook
3306/tcp open mysql
6667/tcp open irc
12345/tcp open NetBus
12346/tcp open NetBus
27665/tcp open Trinoo_Master
31337/tcp open Elite
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
54320/tcp open bo2k

 

View the blocking records:
cat /etc/hosts.deny
ALL: 192.168.1.6

At this point, the PortSentry setup is complete.
