This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

traceroute = portscan (?)

Greetings,

I've defined my network (perhaps improperly) as my-net: 192.168.1.0/255.255.255.0

As a Packet Filter Rule I've defined:

my-net { traceroute } Any Allow

However, when I do a traceroute from 192.168.1.20 to www.astaro.org (for example)

I get this in my /var/log/kernel:

Oct 25 00:27:31 vishnu kernel: Portscan detected: IN=eth0 OUT=eth1 SRC=192.168.1.20 DST=128.242.218.125 LEN=38 TOS=0x00 PREC=0x00 TTL=16 ID=57424 PROTO=UDP SPT=57373 DPT=33485 LEN=18

I'm at a loss. Please help. :-)

Cheers,
-zeek

This thread was automatically locked due to age.

Parents

0 Rickard over 23 years ago

A traceroute looks like a portscan to the portscan detector.
Try using "PSD Network Exclusion" to exclude some combinations of network traffic from the PSD.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Rickard over 23 years ago

A traceroute looks like a portscan to the portscan detector.
Try using "PSD Network Exclusion" to exclude some combinations of network traffic from the PSD.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data