Looking for an Ubuntu firewall script that will autoblock ips who scan ports

Looking for an Ubuntu firewall script that will autoblock ips who scan ports

"When someone tries to a blacklisted port, I'd like that IP address to be blocked at the firewall, for everything. Even port 80.
Essentially I have a webserver, and see folks walking through ports to see what's available. Obviously, they're up to no good and I'd like to slam the door on them.
Is there a script that can do this? Even if it's cron based, that's fine..."

Asked by: Guest | Views: 329

Total answers/comments: 1

Comments display order:

Guest [Entry]

"You're probably looking for psad.

psad is a collection of three
lightweight system daemons (two main
daemons and one helper daemon) that
run on Linux machines and analyze
iptables log messages to detect port
scans and other suspicious traffic. A
typical deployment is to run psad on
the iptables firewall where it has the
fastest access to log data.

And here is a great tutorial on Detecting And Blocking Port Scan Attacks In Real Time."