Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 2312 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How works PSD?

siska
I found the following rule in my iptables:

Chain PSD_MATCHER (2 references)
PSD_ACTION  tcp  --  anywhere anywhere psd weight-threshold: 21 delay-threshold: 300 lo-ports-weight: 3 hi-ports-weight: 1

Can anybody please explain?

Thanks
Barbara


This thread was automatically locked due to age.
  • 0
    PSD stands for Port Scan Detection.
    PSD tries to detect portscans.
    if Host A tries to oben many ports of Host B it is detected as a portscan and handled as configured.

    hope that helps
    kind regards

    /polluxxx
  • 0 in reply to Polluxxx
    I was especially interested in the meaning of this:
    psd weight-threshold: 21 
    delay-threshold: 300 
    lo-ports-weight: 3 
    hi-ports-weight: 1

    WHEN precisely ASL thinks a port request is a PSD?
    Do you have documentation on this?

    Thanks
    Barbara