How can i be notified is someone is running a portscan on my linux box 1

[owenbrown]

How can i be notified is someone is running a portscan on my linux box? How can I know the IP of the person doing the scan?

 

[Xemus]

You would need a Intrusion Detection System like Snort.
Full details on how to setup and run the free program can be found at the Snort site:

http://www.snort.org/

http://www.closedsocket.com

 

[owenbrown]

I ran(from another machine on a different network)
nmap -sS 45.9.3.115
nmap 45.9.3.115
nmap -O 45.9.3.115

But the port scan log is empty
# ll /var/log/portscan.log
-rw-r--r-- 1 root root 0 Dec 28 22:22 /var/log/portscan.log

even through i added
preprocessor portscan: 45.9.3.0/24 5 7 /var/log/portscan.log

# preprocessor flow: stats_interval 0 hash 2
preprocessor portscan: 45.9.3.0/24 5 7 /var/log/portscan.log
# frag2: IP defragmentation support

and started snort by running
./snort -de -l ./log

Got any tips?

 

[netbuster]

Well if you have linux then your i.p. should be dynamic and will change as soon as they port scan you,so it wont matter for a security aspect but it is alredy a good idea to see if you can find out who it is and if you can make back as good as you got (and better if possible)
cheers