Hi, I have defined in my psad.conf: ENABLE_AUTO_IDS Y; AUTO_IDS_DANGER_LEVEL 3;
I have received this mail from psad daemon: =-=-=-=-=-=-=-=-=-=-=-= Mon Nov 16 16:43:37 2009 =-=-=-=-=-=-=-=-=-=-=-= Danger level: [3] (out of 5) Scanned UDP ports: [7413: 1 packets, Nmap: -sU] iptables chain: INPUT (prefix "Inbound"), 1 packets Source: 81.201.48.209 DNS: lbcfree.nfx.cz Destination: xx.xxx.xxx.xxx DNS: xxx.xxx.xxx Overall scan start: Tue Nov 10 20:46:32 2009 Total email alerts: 2 Complete UDP range: [6501-18885] .................... =-=-=-=-=-=-=-=-=-=-=-= Mon Nov 16 16:43:37 2009 =-=-=-=-=-=-=-=-=-=-=-= But psad doesn't block this IP: $ psad --status-ip 81.201.48.209 ......... iptables auto-blocking status for: 81.201.48.209: [NONE] ......... Why psad didn't block this IP? Regards. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ psad-discuss mailing list psad-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/psad-discuss