14.7. Test fire your PortSentry

The PortSentry program can be configured in six different modes of operation, but be aware that only one protocol mode type can be started at a time. To be more accurate, you can start one TCP mode and one UDP mode, so two TCP modes and one UDP modes, for example, doesn't work. The available modes are:

In my case I prefer to start TCP in Advanced TCP stealth scan detection protocol mode and UDP in Stealth UDP scan detection protocol mode. For information about the other protocol modes, please refer to the README.install and README.stealth file under the PortSentry source directory. For TCP mode I choose:

With the Advanced TCP stealth scan detection mode -atcp protocol mode type, PortSentry will first check to see what ports you have running on your server, then remove these ports from monitoring and will begin watching the remaining ports. This is very powerful and reacts exceedingly quickly for port scanners. It also uses very little CPU time.

For UDP mode I choose:

With the Stealth UDP scan detection mode -sudp protocol mode type, the UDP ports will be listed and then monitored.

To start PortSentry in the two modes selected above, use the commands:

[root@deep] /# /usr/psionic/portsentry/portsentry -atcp [root@deep] /# /usr/psionic/portsentry/portsentry -sudp

These are the files Installed by Portsentry on your system:

/usr/psionic

/usr/psionic/portsentry

/usr/psionic/portsentry/portsentry.conf

/usr/psionic/portsentry/portsentry.ignore

/usr/psionic/portsentry/portsentry