wintermute's [cout at eircom.net] 15 lines of wisdom included:
> From the server's side of the equation, you might want to think about
> leaving some ports in your firewall config open (but not actually running
> any services).
> On these open ports you set up portsentry.
> Then you wait for someone to smurf your server with nmap or the like and
> tertly have portsentry block out that user's IP permanently.
> You might even think about having portsentry do an nmap on 'whoever' it was
> smurfed you to begin with.
Portsentry really isn't anything other than a port watcher, and it's
certainly not something that I'd recommend running on a honeypot.
Use something with a little more *oomph*, like snort.
RFC Networks tel: 01 8832063
www.rfc-networks.ie fax: 01 8832041