Re: [psad-discuss] PSAD doesn't auto block DL 3

Sat, 21 Nov 2009 07:11:44 -0800 

On Nov 16, 2009, Sim?n wrote:

> Hi,

Hello,

> I have defined in my psad.conf:
> ENABLE_AUTO_IDS             Y;
> AUTO_IDS_DANGER_LEVEL       3;

That looks good.

> I have received this mail from psad daemon:
> 
> =-=-=-=-=-=-=-=-=-=-=-= Mon Nov 16 16:43:37 2009 =-=-=-=-=-=-=-=-=-=-=-=
> 
>           Danger level: [3] (out of 5)
> 
>      Scanned UDP ports: [7413: 1 packets, Nmap: -sU]
>         iptables chain: INPUT (prefix "Inbound"), 1 packets
> 
>                 Source: 81.201.48.209
>                    DNS: lbcfree.nfx.cz
> 
>            Destination: xx.xxx.xxx.xxx
>                    DNS: xxx.xxx.xxx
> 
>     Overall scan start: Tue Nov 10 20:46:32 2009
>     Total email alerts: 2
>     Complete UDP range: [6501-18885]
> 
> ....................
> 
> =-=-=-=-=-=-=-=-=-=-=-= Mon Nov 16 16:43:37 2009 =-=-=-=-=-=-=-=-=-=-=-=
> 
> But psad doesn't block this IP:
> 
> $ psad --status-ip 81.201.48.209
> .........
>      iptables auto-blocking status for: 81.201.48.209:
>          [NONE]
> .........
> 
> Why psad didn't block this IP?

Is ENABLE_AUTO_IDS_REGEX enabled in psad.conf?

Also, does psad block any IP addresses?  Or does it seem to single the
one you have above out to ignore?

Thanks,

--Mike


> Regards.
> 
> 
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
> trial. Simplify your report design, integration and deployment - and focus on 
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss

Reply via email to