Linux Dedicated Server Security Software

PortSentry

PortSentry is built around a simple idea: detect a scan of the host and respond to it according to a configured policy. This is why PortSentry is best classified as an "attack detection" tool rather than a full intrusion detection system. A network or host scan is a common precursor to an attack and a possible intrusion: unless attackers already know which ports are open on a system, they will scan it to learn which services it runs. PortSentry watches the TCP and UDP ports of a system and, depending on how it is configured, reacts to an identified scan, for example by logging the event, blackholing the source with a dead route, or adding it to hosts.deny. One caveat before enabling automatic blocking: scan packets can carry spoofed source addresses, so an attacker can try to get the host's own gateway or DNS server blocked; exempt such addresses explicitly and review blocks rather than trusting them blindly.

PortSentry detects both TCP and UDP scans and, as of version 2.0, the stealth scans produced by tools such as Nmap. The scan types it recognizes include:

  • Connect scans - Full-connection scans. The entire three-way TCP handshake is completed before the connection is torn down. These are the most obvious scans, because the target host may log the connection from the scanning IP address and the listening service itself often records the connect.
  • SYN scans - Also known as "half-open" scans, these are one way an attacker can enumerate ports stealthily. Only the first two steps of the three-way handshake are carried out: the scanner sends a TCP SYN as though requesting a connection, the target answers an open port with a SYN-ACK (a closed port answers with an RST), and the scanner then sends a TCP RST rather than the final ACK, so the connection is never established. Because no full connection is made, the application never sees it and a connection-level log entry is usually avoided.
  • FIN scans - These use packets with only the TCP FIN flag set. FIN packets are normally seen only while a connection is being closed. Per RFC 793, an unsolicited FIN sent to a closed port should elicit an RST from the target, while an open port should silently discard it; the scanner infers the port state from whether an RST comes back.
  • NULL scans - Packets with no TCP flags set at all. Again, per RFC 793, a closed port should answer with an RST and an open port should stay silent.
  • XMAS scans - Packets with the FIN, URG and PSH flags set in the TCP header. Such packets do not occur in normal traffic on the internet (or even on a local LAN) and should elicit an RST from a closed port.
  • FULL-XMAS scan - Every TCP flag set at once (SYN, ACK, RST, FIN, URG, PSH). A packet like this should never be seen on a LAN, much less on the internet.
  • UDP Scan - This scan is detected by the presence of multiple UDP packets originating from a single IP addre
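To make the detection theory concrete, here is a small Python sketch (an added example, not PortSentry's own code) that classifies TCP probes by their flag byte into the scan types listed above, notes what RFC 793 says a closed port should answer, and flags any source that touches several ports nothing is listening on, which is the same trigger idea PortSentry exposes as TRIGGER_COUNT in its configuration. The packet records, addresses and port numbers are constructed for the example; a real sensor would take them from a raw socket or a pcap feed.

```python
"""Toy scan detector in the spirit of PortSentry (added example, not PortSentry code)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# TCP flag bits in header order (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Distinct unbound ports one source may touch before it is flagged.
# PortSentry exposes the same idea as TRIGGER_COUNT; the value here is illustrative.
TRIGGER_COUNT = 3


@dataclass(frozen=True)
class Probe:
    """One packet seen by the sensor (constructed record, not a real capture)."""
    src: str
    proto: str       # "tcp" or "udp"
    dst_port: int
    flags: int = 0   # TCP flag byte; unused for UDP


def classify_tcp(flags: int) -> str:
    """Name the scan type implied by a probe's TCP flag byte."""
    if flags == 0:
        return "NULL"
    if flags == SYN:
        return "SYN"            # first packet of a half-open or connect scan
    if flags == FIN:
        return "FIN"
    if flags == FIN | PSH | URG:
        return "XMAS"
    if flags == FIN | SYN | RST | PSH | ACK | URG:
        return "FULL-XMAS"
    return "OTHER"


def closed_port_reply(flags: int) -> Optional[str]:
    """What RFC 793 says a CLOSED port answers: an RST to any segment that
    does not itself carry RST, and nothing at all otherwise."""
    return None if flags & RST else "RST"


def detect_scans(probes, listening_ports, trigger=TRIGGER_COUNT):
    """Return {src: {"ports": [...], "types": [...]}} for every source that
    probed at least `trigger` distinct ports nothing is listening on.

    Like PortSentry, only unbound ports count, so ordinary clients talking
    to real services never trip the detector: a legitimate host has no
    reason to touch a closed port, let alone several of them.
    """
    ports = defaultdict(set)
    types = defaultdict(set)
    for p in probes:
        if p.dst_port in listening_ports:
            continue
        ports[p.src].add(p.dst_port)
        types[p.src].add("UDP" if p.proto == "udp" else classify_tcp(p.flags))
    return {
        src: {"ports": sorted(ps), "types": sorted(types[src])}
        for src, ps in ports.items()
        if len(ps) >= trigger
    }


# Constructed sample traffic: one stealth TCP scanner, one UDP scanner, one
# ordinary client that only talks to the real services, and one stray SYN.
LISTENING = {22, 80}
SAMPLE = [
    Probe("203.0.113.5", "tcp", 22, SYN),               # real SSH client, ignored
    Probe("203.0.113.5", "tcp", 80, SYN),               # real web client, ignored
    Probe("198.51.100.9", "tcp", 21, FIN),              # FIN probes to closed ports
    Probe("198.51.100.9", "tcp", 23, FIN),
    Probe("198.51.100.9", "tcp", 25, 0),                # NULL probe
    Probe("198.51.100.9", "tcp", 110, FIN | PSH | URG), # XMAS probe
    Probe("192.0.2.77", "udp", 53),                     # UDP scan: three closed ports
    Probe("192.0.2.77", "udp", 69),
    Probe("192.0.2.77", "udp", 161),
    Probe("192.0.2.200", "tcp", 8080, SYN),             # one stray SYN, below threshold
]

if __name__ == "__main__":
    for src, info in detect_scans(SAMPLE, LISTENING).items():
        print(f"{src}: {info['types']} scan touching ports {info['ports']}")
```

Note that the FULL-XMAS probe carries RST, so by RFC 793 a closed port sends nothing back; PortSentry still sees the packet arrive on an unbound port, which is why watching arrivals rather than replies is the right vantage point for this kind of detector.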