This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Portscans messes up Active IP Count

It seems that when our network is scanned Active IP Count goes sky high. Every portscan report says we have 253 active IP's in our network and there should be about 50.

I haven't seen this affecting anything yet and I hope hour licenses will not get expired becaus of this behaviour.

This thread was automatically locked due to age.

0 andreas over 22 years ago

[ QUOTE ]
It seems that when our network is scanned Active IP Count goes sky high. Every portscan report says we have 253 active IP's in our network and there should be about 50.

[/ QUOTE ]
This is because of an inaccuracy of the netfilter connection tracking. For every incoming connection, the connection tracking predicts the outgoing connection. As the source IP for that connection, a random IP from the configured network on that interface is used. Therefore, possibly never-used IPs show up in the connection tracking and end up as "protected IPs". The accounting mechanism has already been altered to work around that behaviour, the fix is checked in and will be released with one of the upcoming up2dates.

[ QUOTE ]

I haven't seen this affecting anything yet and I hope hour licenses will not get expired becaus of this behaviour.

[/ QUOTE ]
No. Sit back and relax :-)
But it is always a good idea to report such behaviour. Thanks for reporting that issue.

Greets,
andreas
Cancel
Vote Up 0 Vote Down

Cancel