Portsentry is a tool that detects port scanning of various kinds (especially stealth scanning) performed by hackers, and makes your Raspberry Pi disappear from the hacker's view by blocking them after the scanning activity.

With Portsentry, your Raspberry Pi can detect port scanner attacks (e.g. port scanning, discovery, and mapping), protect itself from them, and temporarily block the offending host with iptables.

Install Portsentry

For the Raspberry Pi to detect and block port scanners, you need to install a package on it. You are going to need the following package:

  • Portsentry
    PortSentry has the ability to detect portscans (including stealth scans) on the network interfaces of your machine. Upon alarm it can block the attacker via hosts.deny, dropped route or firewall rule. It is part of the Abacus program suite.

To install the Portsentry package, run the following command:

If there are no errors during installation, you can continue to the next step.

Configure Portsentry

To configure Portsentry, go to the /etc/portsentry folder and edit the portsentry.conf file using nano or your favorite text editor.

Once portsentry.conf is open in nano, edit the Portsentry configuration.

The Configuration

The configuration is summarized here; some settings are not shown.

Exclude IP Addresses

To exclude an IP address from Portsentry monitoring, run the following command:

Then add the IP addresses you want to exclude, e.g.:

  • 127.0.0.1
  • 192.168.1.1
  • 192.168.1.0/24

Exclude Port Numbers

To exclude a port number from Portsentry monitoring, run the following command:

Then add the port numbers you want to exclude, e.g.:

  • ADVANCED_EXCLUDE_TCP="22,80"
  • ADVANCED_EXCLUDE_UDP="53"
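
Before restarting and running a test scan, it helps to confirm that the hosts you administer the Pi from and the ports legitimate clients use are actually covered by the exclusions in the two sections above. The following Python check is an added example, not part of the original article or of Portsentry; the sample file contents are constructed, the function names are hypothetical, and it assumes one ignore entry per line with # starting a comment.

```python
import ipaddress
import re

# Constructed sample contents mirroring the entries shown above
# (not read from a real system).
SAMPLE_IGNORE = """\
# hosts Portsentry must never block
127.0.0.1
192.168.1.1
192.168.1.0/24
"""
SAMPLE_CONF = '''\
ADVANCED_EXCLUDE_TCP="22,80"
ADVANCED_EXCLUDE_UDP="53"
'''

def parse_ignore(text):
    """Return the ignore entries as ip_network objects, skipping comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def parse_excluded_ports(text, proto):
    """Return the ports listed in ADVANCED_EXCLUDE_TCP or ADVANCED_EXCLUDE_UDP."""
    m = re.search(rf'^\s*ADVANCED_EXCLUDE_{proto.upper()}\s*=\s*"([^"]*)"', text, re.M)
    if not m:
        return set()
    return {int(p) for p in m.group(1).split(",") if p.strip()}

def is_ignored(host, nets):
    """True if host falls inside any ignore entry (single IP or CIDR range)."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in nets)

def audit(admin_hosts, unmonitored_ports, ignore_text, conf_text):
    """List gaps: admin hosts that can still be blocked, TCP ports still watched."""
    nets = parse_ignore(ignore_text)
    tcp = parse_excluded_ports(conf_text, "tcp")
    problems = [f"{h} is not in the ignore list" for h in admin_hosts
                if not is_ignored(h, nets)]
    problems += [f"TCP port {p} is still monitored" for p in unmonitored_ports
                 if p not in tcp]
    return problems

if __name__ == "__main__":
    for p in audit(["192.168.1.50", "10.0.0.7"], [22, 443], SAMPLE_IGNORE, SAMPLE_CONF):
        print("WARNING:", p)
```

To check a real system, pass the text of your own ignore list and portsentry.conf to audit() in place of the constructed samples.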

Restart Portsentry

To complete the steps, you need to restart Portsentry:

Testing

To test whether Portsentry blocks port scanners properly:

– In Linux

  1. Install Nmap
  2. Run nmap -T4 -F 192.168.x.xxx (the Raspberry Pi's IP address)

– In Windows

  1. Install a port scanner program (e.g. Angry IP Scanner, Advanced IP Scanner, or Nmap)
  2. Run a port scan against the Raspberry Pi's IP address

After the scan completes, try accessing a monitored service (e.g. FTP, SSH, or a web service); access will be blocked. (Reboot to unblock.)

Troubleshooting

If an unwanted port is blocked or Portsentry doesn't work, try reading the log, then exclude the IP addresses or port number.

To check the system log, run the following commands in the terminal:

References

  1. portsentry package – Debian's Wiki
  2. Image by Ivan David Gomez Arce / CC BY 2.0