This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Setup blackhole

Hi!

How can i setup auto block:

ex. port scanin => 24h blackhole,...etc.

I wont to change:

From

"drop" and "alert only".

to

"drop" and "blackhole".

This thread was automatically locked due to age.

Parents

0 InlineFive over 19 years ago

If the rule is Enabled and set to Drop is is automatically dropping the data. I'm not sure what you mean by Blackhole since that is generally an email term, but I think that Drop does what you want.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 InlineFive over 19 years ago

If the rule is Enabled and set to Drop is is automatically dropping the data. I'm not sure what you mean by Blackhole since that is generally an email term, but I think that Drop does what you want.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 simby over 19 years ago in reply to InlineFive

can i block attacker IP for 1h or 24h for any attack (port scan,...)
Cancel
Vote Up 0 Vote Down

Cancel
0 Zitronennetz over 19 years ago in reply to simby

In my opinion it would be a stupid feature, because a port scan isn't a "real" attack. If a "good" user triggers the port scan detection he can't connect to your server for 24hrs.
A "blocking"-feature for IDS rules would be nice but a 24hr block for a portscan is unnecessarily and afaik not available.
Cancel
Vote Up 0 Vote Down

Cancel
0 simby over 19 years ago in reply to Zitronennetz

how can i send this RQ to Astaro Team?
Cancel
Vote Up 0 Vote Down

Cancel
0 KKnecht over 19 years ago in reply to simby

Login to MyAstaro and search for "Feature Request"
Cancel
Vote Up 0 Vote Down

Cancel