psd module logging, but not blocking
Frank
duranicub@gmx.net
Fri, 5 Oct 2001 17:15:25 +0200
And how should such a sub-chain look?
Sorry, I only read about the logging function in the psd help.
I have
$IPTABLES -t nat -i ppp0 -A PREROUTING -m state --state NEW -j DROP
--
Frank
From: "Dennis Koslowski" <dkoslowski@astaro.com>
> A better solution is probably a sub-chain for scan packets. In this case
> you don't need the second psd matching (it's just a time waste), and
> you are able to manipulate only the scan packets.
>
> --
> Dennis Koslowski <dkoslowski@astaro.de> | Product Development
> Astaro AG | http://www.astaro.de | +49-721-490069-0 | Fax -55
>
>
> > -----Original Message-----
> > From: Antonio Paulo Salgado Forster [mailto:aforster@br.ibm.com]
> > Sent: Wednesday, October 03, 2001 3:09 PM
> > To: netfilter@lists.samba.org
> > Subject: psd module logging, but not blocking
> >
> >
> > Hello,
> >
> > I've been trying to use the portscan detector module, but I'm
> > having some strange behavior.. it logs the portscan, but it
> > doesn't block it..
> >
> > This is an example of the rules:
> >
> > /usr/sbin/iptables -A INPUT -m psd -m limit --psd-delay-threshold 3 --limit 1/min -j LOG --log-prefix "PORTSCAN: "
> > /usr/sbin/iptables -A INPUT -m psd --psd-delay-threshold 3 -j DROP
> >
> > I noticed that even when using only the second rule (with the DROP
> > target), the portscanner detects all open ports, so I figure
> > netfilter is not blocking the packets.
> >
> > When the first rule is active, it logs the portscan very well, as
> > it should.
> >
> > Any comments?
> >
> > thanks
> >
> > Forster
> >
>
>
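The sub-chain Dennis suggests, written out as an added example (this is not code from the thread or from Astaro; the chain name PSD_SCAN, the dry-run wrapper and the defaults are assumptions). The idea is that `-m psd` is evaluated once in INPUT and jumps matching packets to a dedicated chain, where logging (rate-limited as in Forster's first rule) and dropping happen without a second psd match. With DRY_RUN=1 (the default) the script only prints the iptables commands it would run, so it can be checked without root:

```shell
#!/bin/sh
# Added example: a dedicated sub-chain for packets matched by the psd portscan
# detector. Not from the original thread; chain name and defaults are assumed.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = actually run them (needs root)

# Wrapper: either print the command line or execute it.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s %s\n' "$IPTABLES" "$*"
    else
        "$IPTABLES" "$@"
    fi
}

# build_psd_chain CHAIN IFACE THRESHOLD
#   Creates CHAIN, fills it with a rate-limited LOG rule followed by DROP,
#   and hooks it into INPUT behind a single psd match on IFACE.
build_psd_chain() {
    chain="${1:-PSD_SCAN}"      # assumed chain name
    iface="${2:-ppp0}"          # interface from Frank's rule
    threshold="${3:-3}"         # --psd-delay-threshold used in the thread

    # Create the chain; when running for real, flush it if it already exists.
    ipt -N "$chain" 2>/dev/null || ipt -F "$chain"

    # Inside the sub-chain only scan packets arrive, so no second psd match is needed.
    ipt -A "$chain" -m limit --limit 1/min -j LOG --log-prefix "PORTSCAN: "
    ipt -A "$chain" -j DROP

    # One psd match in INPUT diverts scan packets to the sub-chain.
    ipt -A INPUT -i "$iface" -m psd --psd-delay-threshold "$threshold" -j "$chain"
}

build_psd_chain "$@"
```

Run it as `DRY_RUN=1 sh psd-chain.sh PSD_SCAN ppp0 3` to review the four rules, then with `DRY_RUN=0` as root to install them. Any further per-scan handling (a different log prefix, a REJECT instead of DROP, a per-source rule) goes into the sub-chain, which is the point of keeping the psd match in one place.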