Hey everyone who has port sentry installed on servers, just wondering, how has port sentry worked for you?

Did it fail you or far exceeded your expectations?

We use is it too, so I would like to know how it has worked for you guys.

We should share our knowledges here to keep the bloody hackers out.

1. which ports to you think are most important.
2. ICMP packets types. I know type 17 and type 13 can be stopped at router level, but what do you guys think.
3. Which mode do you currently run most often?


etc.

Hello,

Portsentry2 has worked well for us. I feel that it is an important tool to use in the ongoing battle. I have been running it lately with the tcp=1 (dropping via iptables) and logging but not blocking udp ports (udp=0). I think it performs as expected.

Regards,

Jeff

I have been using for nearly a year now and it has been a great tool. One of my servers running it blocks about 3-5 hosts a day that are probing and prodding the box.

I run it on two servers - I drop anywhere from 2 to 10 IP addresses a day on each of them. I run it along with Logsentry so I get email reports on what it's done, and in all cases am glad it's done it.

It really will open your eyes to just what a jungle it is out there for a server!