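#!/usr/bin/perl -w
# scan-detect
# Script to be called from portsentry with two arguments (ip, port)
# of a host that a portscan was detected from.
# Written October 1999 by Ben Gertzfield
# This work is released under the GNU GPL, version 2 or later.
#
# Both arguments describe the remote host, so they are treated as untrusted:
# they are validated against a strict character set and the mail command is
# started without a shell, so neither value is ever parsed as shell syntax.

use strict;
use warnings;

use Sys::Hostname;

die "Usage: $0 host port\n" if (@ARGV != 2);

my ($target, $port) = @ARGV;

# Accept only characters that can occur in an IPv4/IPv6 address or a host
# name. This also rejects whitespace and newlines, which keeps the value
# from adding extra lines to the Subject header or the message body.
die "$0: refusing suspicious host argument\n"
    unless length($target) <= 255
    and $target =~ m{\A [0-9A-Za-z:] [0-9A-Za-z.:_-]* \z}x;

# A port is a short run of ASCII digits, nothing else.
die "$0: refusing suspicious port argument\n"
    unless $port =~ m{\A [0-9]{1,5} \z}x;

my $to      = 'root';
my $subject = "WARNING: portscan from ${target}:${port}";

# List-form pipe open (Perl 5.8+): mail is exec'd directly with its
# arguments, no /bin/sh in between. The subject starts with "WARNING:", so
# it cannot be mistaken for an option. 'mail' is still looked up through the
# PATH inherited from the caller.
open my $mail, '|-', 'mail', '-s', $subject, $to
    or die "Couldn't open pipe to mail: $!\n";

my $time     = scalar localtime;
my $hostname = hostname;

print {$mail} <<"__EOF__";
This is a mail from $0 on $hostname.

Portsentry has detected a portscan at $time
from the host `${target}' and the port `${port}'.

If portsentry has been configured to do so, incoming packets from
`${target}' will now be dropped automatically. If this is not what
you wish, you may want to make sure there are no routes, ipchains
rules, or ipfwadm rules dropping traffic from that host.
__EOF__

# close() on a pipe also fails when the child exits non-zero; in that case
# $! is 0 and the exit status is in $?, so report whichever applies.
close $mail
    or die $!
    ? "Couldn't close pipe to mail: $!\n"
    : "mail exited with status " . ($? >> 8) . "\n";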