Honeypots mailing list archives

PortSentry


From: Bruno MAC Castro <bruno.castro () novabase pt>
Date: Sat, 28 Jun 2003 12:06:37 +0100

Hi all,

I have just installed PortSentry on a test machine. The main goal is to test
and analyse all its IDS features mainly regarding its capacity to detect
malicious traffic and routing features. However, I am having some issues
about its configuration and reaction speed.

I was using its reaction option by running a script when something is not
correct (traffic). The script is updating my iptables and logging modules.

It would be very useful to have "real" configuration PortSentry files, so I
can compare and learn the best optimized options on it. Any interesting link
about the issue would be appreciated.


Best regards,

Bruno


