The Portsentry Daemon binds to a selection of unused network ports. The goal is to log any attempts to access those ports. Portsentry can also do any of the following when it recieves a packet to a port it is monitoring:
- "Null route" the packet to nowhere,
- add a block rule to the local firewall (a cheap IDS/IPS to block hosts attacking you), or
- run an arbitary command defined in the configration.
Portsentry can be used to detect half-open and other sealth scans against a network and host.
Details on how to configure Portsentry may be found at: