Hi,
I have defined in my psad.conf:
ENABLE_AUTO_IDS Y;
AUTO_IDS_DANGER_LEVEL 3;
I have received this mail from psad daemon:
=-=-=-=-=-=-=-=-=-=-=-= Mon Nov 16 16:43:37 2009 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [3] (out of 5)
Scanned UDP ports: [7413: 1 packets, Nmap: -sU]
iptables chain: INPUT (prefix "Inbound"), 1 packets
Source: 81.201.48.209
DNS: lbcfree.nfx.cz
Destination: xx.xxx.xxx.xxx
DNS: xxx.xxx.xxx
Overall scan start: Tue Nov 10 20:46:32 2009
Total email alerts: 2
Complete UDP range: [6501-18885]
....................
=-=-=-=-=-=-=-=-=-=-=-= Mon Nov 16 16:43:37 2009 =-=-=-=-=-=-=-=-=-=-=-=
But psad doesn't block this IP:
$ psad --status-ip 81.201.48.209
.........
iptables auto-blocking status for: 81.201.48.209:
[NONE]
.........
Why psad didn't block this IP?
Regards.
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
