This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rule for FTP

Hi,

i think I have some problems in understanding the way to configure astaro for using ftp.

I made a rule: Private_Networks > FTP > Any > Allow
(Using my workstation as client instead of Private_Network results in the same problem...)

The most i CAN connect to the server but i lose connection very often. In this case ASL sends me an email with a portscan detection.

Portscan detected:
------------------
   System Date: Aug 27 2002
   System Time: 17:21:10

     Source IP: 192.168.2.201
     Target IP: 212.185.194.249

>from my internal IP to the FTP server...

AND

Portscan detected:
------------------
   System Date: Aug 27 2002
   System Time: 17:24:05

     Source IP: 192.168.2.201
     Target IP: 192.168.2.100

Does anyone know how to prevent this?

Thanks much!

patte

This thread was automatically locked due to age.

Parents

0 tom_01 over 23 years ago

Add 2 portscan detection exclusion rules like

Private_Network -> Any
Any -> Private_Network

Noone will scan 192.168.x.x networks anyway [:)]

The problem is the many subsequent FTP RETR or STOR commands cause a series of new TCP connection which look like a portscan.

/tom
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 tom_01 over 23 years ago

Add 2 portscan detection exclusion rules like

Private_Network -> Any
Any -> Private_Network

Noone will scan 192.168.x.x networks anyway [:)]

The problem is the many subsequent FTP RETR or STOR commands cause a series of new TCP connection which look like a portscan.

/tom
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Patte over 23 years ago in reply to tom_01

Hi Tom,

thanks for the answer,

but doing this won`t prevent the loss of connection, wouldn`t it?

If I open any to any with any service, i do not have those ftp problems so preventing the port scan message won`t be a "solution", I think.

Patte
Cancel
Vote Up 0 Vote Down

Cancel