This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Portscan Detection not working on 5.011

Dear All,

I've enabled the Portscan detection and removed all networks from the list so that all networks are protected...

Then I've set notification Levels (Detected/blocked) both on High and Mediun severity.

I've then did a scanning test using the Gibson research Shields-up test for the first 1056 ports... (www.grc.com)

After the scanning was finished, The checking was not blackholed (it still showed port 443 open after scanning 442 ports the portscan detector was not triggered) and no
notification email was received althogh portscan detection is enabled.

What are the pre-requisite to have portscan working? there is no option to blackhole a portscan user?

Thank you in advance!

neko.

This thread was automatically locked due to age.

Parents

0 bce over 21 years ago

i got same problems. i don´t know if this is a known issue or what is going on with ips.
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 21 years ago in reply to bce

Same problem even after reinstalling from scratch V5.011 ISO

Hope they will fix it soon!

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 21 years ago in reply to alasc

I find portscan detection pretty useless anyway. I get scanned almost 24/7 so being informed of being scanned isn't very useful.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Simon Shaw over 21 years ago in reply to alasc

I find portscan detection pretty useless anyway. I get scanned almost 24/7 so being informed of being scanned isn't very useful.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 ^-^Neko over 21 years ago in reply to Simon Shaw

Actually it's not matter of being informed or not.... the important is to blackhole the source... so that no further attack is perfomed from that Ip...

An option to notify or not the portscans... would be nice as well....
Cancel
Vote Up 0 Vote Down

Cancel