Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 2582 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

anti-portscan not dropping packets.

howit
Hello again,

Testing the IDS i enabled the anti-portscan, and selected to drop packets.


i added only the internal network (private lan not dmz), then ran several portscans. It got logged, but not dropped.

is it a bug? 





18-09:00:02 fire1-1 ulogd[5755]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="br0" outitf="br0" srcmac="0:c:29:71:ce:20" dstmac="0:1a:8c:f0:ee:20" srcip="x.x.x.251" dstip="x.x.x.209" proto="6" length="60" tos="0x00" prec="0x00" ttl="64" srcport="55739" dstport="63424" tcpflags="SYN"

2011:08:18-09:00:02 fire1-1 ulogd[5755]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="br0" outitf="br0" srcmac="0:c:29:71:ce:20" dstmac="0:1a:8c:f0:ee:20" srcip="x.x.x.251" dstip="x.x.x.209" proto="6" length="60" tos="0x00" prec="0x00" ttl="64" srcport="52474" dstport="58678" tcpflags="SYN"

2011:08:18-09:00:02 fire1-1 ulogd[5755]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="br0" outitf="br0" srcmac="0:c:29:71:ce:20" dstmac="0:1a:8c:f0:ee:20" srcip="x.x.x.251" dstip="x.x.x.209" proto="6" length="60" tos="0x00" prec="0x00" ttl="64" srcport="45025" dstport="7079" tcpflags="SYN"

2011:08:18-09:00:02 fire1-1 ulogd[5755]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="br0" outitf="br0" srcmac="0:c:29:71:ce:20" dstmac="0:1a:8c:f0:ee:20" srcip="x.x.x.251" dstip="x.x.x.209" proto="6" length="60" tos="0x00" prec="0x00" ttl="64" srcport="58782" dstport="13795" tcpflags="SYN"

2011:08:18-09:00:02 fire1-1 ulogd[5755]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="br0" outitf="br0" srcmac="0:c:29:71:ce:20" dstmac="0:1a:8c:f0:ee:20" srcip="x.x.x.251" dstip="x.x.x.209" proto="6" length="60" tos="0x00" prec="0x00" ttl="64" srcport="48745" dstport="40632" tcpflags="SYN"

2011:08:18-09:00:02 fire1-1 ulogd[5755]: id="2103" severity="info" sys="SecureNet" sub="ips" name="SYN flood detected" action="SYN flood" fwrule="60012" initf="br0" srcmac="0:c:29:71:ce:20" dstmac="0:1a:8c:f0:ee:20" srcip="x.x.x.251" dstip="x.x.x.209" proto="6" length="60" tos="0x00" prec="0x00" ttl="64" srcport="44430" dstport="20129" tcpflags="SYN"

2011:08:18-09:00:02 fire1-1 ulogd[5755]: id="2103" severity="info" sys="SecureNet" sub="ips" name="SYN flood detected" action="SYN flood" fwrule="60012" initf="br0" srcmac="0:c:29:71:ce:20" dstmac="0:1a:8c:f0:ee:20" srcip="x.x.x.251" dstip="x.x.x.209" proto="6" length="60" tos="0x00" prec="0x00" ttl="64" srcport="38186" dstport="9456" tcpflags="SYN"


This thread was automatically locked due to age.
Parents Reply Children
No Data