Hi, is there any reason why you should not use a tool designed for this purpose?
I use psad for portscan detection, and you can use it, if you want, for blocking too. But with portscans you have to be careful, the source IP could be spoofed, and you might block wanted traffic. Ossec works fine on layer 7 detection, on layer 3 and 4 there are more specialized tools.

http://cipherdyne.org/psad/

greets,
Rainer

On Wed, 2011-06-15 at 19:36 -0300, Alexandro Silva wrote:
> Hi all,
>
> I need a little help to block portscanners using iptables and ossec. I
> configured the ossec to read the iptables log in /var/log/iptables
> directory but it is not blocking the portscan action.
>
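The caution above about spoofed sources, sketched as an added example that is not part of the original message and is not psad or OSSEC code: it counts distinct destination ports per source in iptables LOG lines and keeps allowlisted sources out of the block list, so a scan forged with a trusted address raises an alert instead of cutting off wanted traffic. The log prefix, addresses, threshold and allowlist are constructed assumptions, and the sample is treated as a single time window.

```python
import ipaddress
import re
from collections import defaultdict

# Pulls the SRC= and DPT= fields out of an iptables LOG line.
FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")


def _line(sec, src, dpt):
    """Build one constructed iptables LOG line (documentation addresses)."""
    return (f"Jun 15 19:30:{sec:02d} fw kernel: IPT_DROP IN=eth0 OUT= "
            f"SRC={src} DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={dpt} SYN")


# Constructed sample: one scanner, one scan claiming an allowlisted address,
# and one client that only ever touches port 443.
SAMPLE = (
    [_line(i, "203.0.113.7", p) for i, p in enumerate((21, 22, 23, 25, 80, 110))]
    + [_line(i, "198.51.100.53", p) for i, p in enumerate((53, 80, 123, 443, 993, 8080))]
    + [_line(i, "198.51.100.9", 443) for i in range(6)]
)


def classify(lines, threshold=5, allowlist=("198.51.100.53/32",)):
    """Return (block, alert_only) lists of source IPs.

    A source that probes at least `threshold` distinct ports is a scanner.
    Allowlisted sources are never blocked: the address may be spoofed, and
    blocking it would drop traffic the site depends on.
    """
    nets = [ipaddress.ip_network(n) for n in allowlist]
    ports = defaultdict(set)
    for line in lines:
        fields = dict(FIELD.findall(line))
        if "SRC" in fields and "DPT" in fields:
            ports[fields["SRC"]].add(int(fields["DPT"]))

    block, alert_only = [], []
    for src, seen in sorted(ports.items()):
        if len(seen) < threshold:
            continue  # repeated hits on one port are not a port scan
        addr = ipaddress.ip_address(src)
        trusted = any(addr in net for net in nets)
        (alert_only if trusted else block).append(src)
    return block, alert_only


if __name__ == "__main__":
    print(classify(SAMPLE))
```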
