HowTo Block Network Intrusion Attempts on Ubuntu with psad

psad (Port Scan Attack Detection) is an Intrusion Detection System written in Perl that analyzes iptables logs to monitor and block potential attackers that scan your system for open ports. What it does is actively monitor the networking logs, report suspicious activity to an email address and block the attackers using iptables.

Even if Linux systems are very hard to break (as long as everything is up to date), you’ll feel safer if network traffic is monitored automatically and potential attackers are blocked before they even try anything.

Ubuntu desktops don’t have a firewall set up by default so setting up an app like psad is an option to consider in the matter of security.

HowTo Setup a Firewall on Ubuntu Using Iptables

Many Linux users, especially new ones, run their computers with nothing but the Linux OS. No network monitoring is performed, no IDS is running and no firewall is set up. While running a Linux distribution, the probability of being hacked is infinite lower than while running Windows, but still, it’s better to be safe than sorry.

This post will describe how to setup a very basic firewall using iptables by dropping all traffic by default and allowing only the traffic you really need.