Portsentry IMO falls under the category of reactive loggers: it can log incoming (not outgoing) traffic, including signs of scanning, by checking the packets' flags, and in response can issue external commands, for instance to add a host to the hosts.deny table and/or feed it to ipchains.
In this respect it isn't different from Snort (with help from, say, Guardian for the ext cmds).
They both rely on other apps like ipchains/tables to actually do the blocking; they are more like companion apps to a fw, not the fw app itself.
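The log-then-react pattern described in the post above, as an added Python sketch (not PortSentry's or Snort's own code, and not part of the original post). The function names, the watched-port set, the ignore list and the sample packets are assumptions made for illustration; the ipchains command is only built as an argument list, never executed.

```python
import ipaddress

# TCP flag bits as they appear in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify(flags):
    """Name the probe type implied by a TCP flag byte, or None for ordinary traffic."""
    flags &= 0x3F                      # ignore the ECN bits
    if flags == 0:
        return "NULL"
    if flags == FIN | PSH | URG:
        return "XMAS"
    if flags == FIN:
        return "FIN"
    if flags == SYN:
        return "SYN"
    return None

def react(packets, watched_ports, ignore=()):
    """Log probes to watched ports and build the blocking actions for each new source.

    packets is an iterable of (src_ip, dst_port, tcp_flags) for inbound traffic.
    Returns (log_lines, hosts_deny_lines, ipchains_argv_lists).
    """
    log, deny, cmds, blocked = [], [], [], set()
    for src, port, flags in packets:
        kind = classify(flags)
        if kind is None or port not in watched_ports:
            continue
        # The source address is attacker-controlled: parse it before it goes
        # anywhere near a file or a command line (raises ValueError otherwise).
        src = str(ipaddress.ip_address(src))
        log.append(f"{kind} probe from {src} to TCP port {port}")
        if src in ignore or src in blocked:
            continue                   # never block trusted hosts; block others once
        blocked.add(src)
        deny.append(f"ALL: {src}")     # TCP wrappers hosts.deny entry
        # argv list rather than a shell string, so no shell parsing is involved
        cmds.append(["/sbin/ipchains", "-I", "input", "-s", src, "-j", "DENY", "-l"])
    return log, deny, cmds

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    ("198.51.100.7", 1, SYN),                # SYN probe to a watched port
    ("198.51.100.7", 111, FIN),              # same host again: logged, not re-blocked
    ("203.0.113.5", 143, 0),                 # NULL scan
    ("192.0.2.10", 8080, SYN),               # port not watched
    ("192.0.2.1", 111, FIN | PSH | URG),     # XMAS from an ignored (trusted) host
    ("198.51.100.9", 111, ACK | PSH),        # ordinary data segment
]
```

The blocking itself is still done by hosts.deny and ipchains; the sketch only decides what to hand them, which is the companion role the post describes.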