I am using Astaro 4.01, very simple Net topology. My hardware consists of a PIII, 333MHz, 256MB PC133, protecting a network of 9 nodes. My issue is with PortScan detection. I have internal network excluded, and I have portscan detection set to accept. I have several External Network Vulnerability Tools I use to test networks (based on Nessus). I run this NVA monthly on all external networks. Included in this NVA are several portscans (by NMAP). The firewall detects them just fine and generates appropriate (if not highly verbose) entries in the various loggers.
My problem happens at midnight. Any day where a portscan (even just 1) happens, especially where the scan was a full range (1-65K) scan, the system hammers itself at midnight for several hours (sometimes until 5:30AM). I can appreciate the massive amount of data that is probably being processed and cleaned to start the next day... All I need to know is: can I stop, correct, or prevent this from happening (turn off PortScan detection?) Will adding hardware (memory, CPU, etc.) correct this?
Any assistance would be appreciated. [:)]