This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PSD false positives

OK, I have to admit I did not follow the first rule: RTFM [:)]ents.

Maybe I just missed to config something into somewhere, but it is getting annoying

Regards

This thread was automatically locked due to age.

Parents

0 tom_01 over 23 years ago

certain types of traffic look like portscans to PSD, and there is really no method to circumvent this without knowning if legit services are running on the target machines.

this includes all services which allocate source ports in quasi-sequential order at faster rates, like ftp servers and clients (PORT/PASV) or in your case, DNS queries.

we included the "ignore" facility in 2.0 to work around this.

We'll have a full blown IDS in 3.0, hopefully [:)]

/tom
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 tom_01 over 23 years ago

certain types of traffic look like portscans to PSD, and there is really no method to circumvent this without knowning if legit services are running on the target machines.

this includes all services which allocate source ports in quasi-sequential order at faster rates, like ftp servers and clients (PORT/PASV) or in your case, DNS queries.

we included the "ignore" facility in 2.0 to work around this.

We'll have a full blown IDS in 3.0, hopefully [:)]

/tom
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data