Guard Port with Portsentry on OpenWrt


Portsentry is a tool that detects port scanning against a host (including stealth scans, which are a common first step of an attack) and reacts to it, so that the scanning host loses contact with your router after its scan.

With Portsentry on OpenWrt the router can detect probes such as port scans, host discovery and network mapping, and then block the offending host temporarily (the configuration below does this with a reject route; an iptables rule is an alternative).
It is recommended to run Portsentry only on a public Wi-Fi hotspot or a public-facing server, not on a personal or office network, because any legitimate client that touches a monitored port will be blocked as well.

Requirements

Free flash space required on the router: about 125 KB.

Installation

Step 1: Log in to the router's web interface (LuCI)
  1. Select System - Software
  2. Click Update lists
  3. Go to "Download and install package"
  4. Enter "portsentry"
  5. Click OK
Step 2: Configure portsentry to block port scanning. Run the following commands over SSH on the router:
  1. cd /etc
  2. mkdir portsentry
  3. cd portsentry
  4. touch portsentry.ignore
  5. touch portsentry.history
  6. touch portsentry.blocked
  7. vi /etc/portsentry.conf
  8. Edit the file
In /etc/portsentry.conf, replace the three state-file settings (by default they point under /var/run/portsentry, which does not survive a reboot) so that they point at the files created above:
IGNORE_FILE="/etc/portsentry/portsentry.ignore"
HISTORY_FILE="/etc/portsentry/portsentry.history"
BLOCKED_FILE="/etc/portsentry/portsentry.blocked"
Then enable the Linux KILL_ROUTE command by removing the leading "#" from this line (leave the commented variants for other operating systems alone), i.e. change
#KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
to
KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
This is the command portsentry runs against each detected scanner: a reject route for the host's address, so its packets are answered with an error until the route is removed.
Step 3: Exclude trusted hosts and needed ports (recommended). To avoid false positives you may want to exclude some IP addresses or ports from blocking; at minimum, list the addresses you manage the router from, or a scan from your own machine will lock you out.
To exclude IP addresses from blocking, edit the ignore file:
vi /etc/portsentry/portsentry.ignore
and add one address or network per line, e.g.:
  • 127.0.0.1
  • 192.168.1.1
  • 192.168.1.0/24
To exclude ports from blocking, edit the configuration:
vi /etc/portsentry.conf
and list them in the ADVANCED_EXCLUDE options, e.g.:
  • ADVANCED_EXCLUDE_TCP="22,80"
  • ADVANCED_EXCLUDE_UDP="53"
These two options take effect in portsentry's advanced (stealth) modes; in classic mode only the ports listed in TCP_PORTS and UDP_PORTS are watched, so there a port is excluded simply by not listing it.
Step 4: Start portsentry from the router's web interface
  1. Select System - Startup
  2. Find portsentry in the list of init scripts
  3. Click Enable, then Start
To catch false positives before they bite, click Start first and confirm that your own access to the router still works; only then enable it at boot. The setup is now complete.
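Steps 2 and 3 above are a handful of file edits, and doing them with sed instead of vi makes the result repeatable and easy to inspect before it goes onto the router. The script below is an added example written for this page; it is not part of the OpenWrt wiki or of the portsentry project. The sample portsentry.conf excerpt inside it is constructed (only the settings the steps touch are included), and the configuration path and state directory are parameters so the script can be tried on a scratch copy. On the router you would call it as configure_portsentry /etc/portsentry.conf /etc/portsentry.

```shell
#!/bin/sh
# Added example, not from the OpenWrt wiki or the portsentry project.
# Applies the Step 2 and Step 3 edits with sed instead of vi.

# Constructed excerpt of a stock portsentry.conf: only the settings touched
# here, with the three state files pointing under /var/run as shipped.
SAMPLE_CONF='TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,31337,32771,32772,32773,32774,40421,49724,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"
ADVANCED_PORTS_TCP="1024"
ADVANCED_PORTS_UDP="1024"
ADVANCED_EXCLUDE_TCP="113,139"
ADVANCED_EXCLUDE_UDP="520,138,137,67"
IGNORE_FILE="/var/run/portsentry/portsentry.ignore"
HISTORY_FILE="/var/run/portsentry/portsentry.history"
BLOCKED_FILE="/var/run/portsentry/portsentry.blocked"
BLOCK_UDP="1"
BLOCK_TCP="1"
#KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
#KILL_ROUTE="/sbin/route add -host $TARGET$ 333.444.555.666"
SCAN_TRIGGER="0"'

# configure_portsentry CONF STATEDIR
#   CONF     - portsentry.conf to edit in place (on the router: /etc/portsentry.conf)
#   STATEDIR - directory for the ignore/history/blocked files (on the router: /etc/portsentry)
configure_portsentry() {
    conf="$1"
    statedir="$2"

    # Step 2: create the state files portsentry expects to find.
    mkdir -p "$statedir"
    touch "$statedir/portsentry.ignore" "$statedir/portsentry.history" "$statedir/portsentry.blocked"

    # Point the three *_FILE settings at STATEDIR, set the Step 3 port
    # exclusions, and uncomment exactly the Linux KILL_ROUTE line. The other
    # commented KILL_ROUTE variants in the stock file are left untouched.
    sed -i \
        -e "s|^IGNORE_FILE=.*|IGNORE_FILE=\"$statedir/portsentry.ignore\"|" \
        -e "s|^HISTORY_FILE=.*|HISTORY_FILE=\"$statedir/portsentry.history\"|" \
        -e "s|^BLOCKED_FILE=.*|BLOCKED_FILE=\"$statedir/portsentry.blocked\"|" \
        -e 's|^ADVANCED_EXCLUDE_TCP=.*|ADVANCED_EXCLUDE_TCP="22,80"|' \
        -e 's|^ADVANCED_EXCLUDE_UDP=.*|ADVANCED_EXCLUDE_UDP="53"|' \
        -e 's|^#KILL_ROUTE="/sbin/route add -host \$TARGET\$ reject"|KILL_ROUTE="/sbin/route add -host $TARGET$ reject"|' \
        "$conf"

    # Step 3: hosts that must never be blocked, one per line. The LAN
    # addressing is hypothetical; adjust it to your own network.
    cat > "$statedir/portsentry.ignore" <<'EOF'
127.0.0.1
192.168.1.1
192.168.1.0/24
EOF
}

# setting CONF KEY: print the value of a KEY="value" line (used to verify the edit).
setting() {
    sed -n "s/^$2=\"\(.*\)\"\$/\1/p" "$1"
}

# Stand-alone demo on a scratch copy; nothing under /etc is touched.
WORK=$(mktemp -d)
printf '%s\n' "$SAMPLE_CONF" > "$WORK/portsentry.conf"
configure_portsentry "$WORK/portsentry.conf" "$WORK/portsentry"
grep -E '^(ADVANCED_EXCLUDE_|IGNORE_FILE|HISTORY_FILE|BLOCKED_FILE|KILL_ROUTE)' "$WORK/portsentry.conf"
cat "$WORK/portsentry/portsentry.ignore"
```

Because the KILL_ROUTE substitution matches the whole commented line rather than just "#KILL_ROUTE", it cannot accidentally activate one of the other platform-specific KILL_ROUTE examples in the stock file, which would leave portsentry running a command that does not exist on OpenWrt.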

Testing

To test whether portsentry works properly, scan the router from a machine whose address is not in the ignore file (otherwise nothing will be blocked).
- On Linux
  1. Install Nmap
  2. Run: nmap -T4 -F 192.168.x.xxx (your router's or server's IP address)
  3. After the scan completes, try to open the router's web page or SSH from the same machine
  4. Access is blocked
- On Windows
  1. Install a port scanner, e.g. Angry IP Scanner, Advanced IP Scanner or Nmap
  2. Port-scan your router's or server's IP address
  3. After the scan completes, try to open the router's web page or SSH from the same machine
  4. Access is blocked
Reboot the router to unblock the scanning host: the reject route added by KILL_ROUTE does not survive a reboot.

Troubleshooting

If a service or port stops working after portsentry is installed, the client host has most likely been blocked by portsentry. Read the system log to confirm which host and port triggered the block, then add the host's IP address to the ignore file or exclude the port as described in Step 3.
- Over SSH
  • logread
- In the web interface
  • Select Status - System Log
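Both the Testing and the Troubleshooting sections come down to reading logread output and working out which host portsentry blocked and why. The functions below do that, and also produce the route deletions that undo KILL_ROUTE so a locked-out client can be restored without a reboot. This is an added example written for this page, not part of the OpenWrt wiki or of the portsentry project. The log lines are constructed, modelled on portsentry's "attackalert" messages and on logread's timestamp format, and stand in for real logread output; the addresses and process IDs are made up.

```shell
#!/bin/sh
# Added example, not from the OpenWrt wiki or the portsentry project.
# Pulls portsentry's actions out of logread output. SAMPLE_LOG is constructed
# (modelled on portsentry's attackalert messages) and stands in for `logread`.
SAMPLE_LOG='Fri Jan  1 00:00:01 2021 daemon.notice portsentry[1234]: attackalert: TCP SYN/Normal scan from host: 192.168.1.50/192.168.1.50 to TCP port: 111
Fri Jan  1 00:00:01 2021 daemon.notice portsentry[1234]: attackalert: Host 192.168.1.50 has been blocked via dropped route using command: "/sbin/route add -host 192.168.1.50 reject"
Fri Jan  1 00:00:01 2021 daemon.notice portsentry[1234]: attackalert: TCP SYN/Normal scan from host: 192.168.1.50/192.168.1.50 to TCP port: 143
Fri Jan  1 00:00:01 2021 daemon.notice portsentry[1234]: attackalert: Host: 192.168.1.50/192.168.1.50 is already blocked Ignoring
Fri Jan  1 00:00:07 2021 authpriv.info dropbear[1301]: Child connection from 192.168.1.20:50122
Fri Jan  1 00:01:12 2021 daemon.notice portsentry[1234]: attackalert: UDP scan from host: 203.0.113.7/203.0.113.7 to UDP port: 161
Fri Jan  1 00:01:12 2021 daemon.notice portsentry[1234]: attackalert: Host 203.0.113.7 has been blocked via dropped route using command: "/sbin/route add -host 203.0.113.7 reject"'

# blocked_hosts: addresses portsentry blocked with KILL_ROUTE, one per line,
# deduplicated. Reads logread output on stdin. Lines saying a host "is already
# blocked" are deliberately not matched, so a host appears once.
blocked_hosts() {
    sed -n 's/.*portsentry\[[0-9]*\]: attackalert: Host \([0-9.]*\) has been blocked via dropped route.*/\1/p' | sort -u
}

# scan_summary: "<host> <proto>/<port>" for every probe portsentry logged.
# This is what decides the fix: a trusted host goes into the ignore file,
# a port that legitimate clients use goes into ADVANCED_EXCLUDE_TCP/UDP.
scan_summary() {
    sed -n 's/.*attackalert: .* scan from host: [^/]*\/\([0-9.]*\) to \([A-Z]*\) port: \([0-9]*\).*/\1 \2\/\3/p' | sort -u
}

# unblock_cmds: the route deletion that undoes KILL_ROUTE, one per blocked
# host. Review the output, then pipe it to sh to apply it on the router.
unblock_cmds() {
    blocked_hosts | while read -r ip; do
        printf '/sbin/route del -host %s reject\n' "$ip"
    done
}

# On the router these read the live log:
#   logread | scan_summary
#   logread | unblock_cmds | sh
# Stand-alone demo on the constructed log:
printf '%s\n' "$SAMPLE_LOG" | scan_summary
printf '%s\n' "$SAMPLE_LOG" | unblock_cmds
```

With the constructed log, scan_summary reports 192.168.1.50 probing TCP 111 and 143 and 203.0.113.7 probing UDP 161, and unblock_cmds emits one route deletion for each of the two blocked hosts; the unrelated dropbear line and the "already blocked" repeat are ignored.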

References

  1. SourceForge.net: Sentry Tools