El 21/11/09 16:10, Michael Rash escribió: > On Nov 16, 2009, Sim?n wrote: > > >> Hi, >> > Hello, > > >> I have defined in my psad.conf: >> ENABLE_AUTO_IDS Y; >> AUTO_IDS_DANGER_LEVEL 3; >> > That looks good. > > >> I have received this mail from psad daemon: >> >> =-=-=-=-=-=-=-=-=-=-=-= Mon Nov 16 16:43:37 2009 =-=-=-=-=-=-=-=-=-=-=-= >> >> Danger level: [3] (out of 5) >> >> Scanned UDP ports: [7413: 1 packets, Nmap: -sU] >> iptables chain: INPUT (prefix "Inbound"), 1 packets >> >> Source: 81.201.48.209 >> DNS: lbcfree.nfx.cz >> >> Destination: xx.xxx.xxx.xxx >> DNS: xxx.xxx.xxx >> >> Overall scan start: Tue Nov 10 20:46:32 2009 >> Total email alerts: 2 >> Complete UDP range: [6501-18885] >> >> .................... >> >> =-=-=-=-=-=-=-=-=-=-=-= Mon Nov 16 16:43:37 2009 =-=-=-=-=-=-=-=-=-=-=-= >> >> But psad doesn't block this IP: >> >> $ psad --status-ip 81.201.48.209 >> ......... >> iptables auto-blocking status for: 81.201.48.209: >> [NONE] >> ......... >> >> Why psad didn't block this IP? >> > Is ENABLE_AUTO_IDS_REGEX enabled in psad.conf? > ENABLE_AUTO_IDS_REGEX Y; ENABLE_AUTO_IDS_EMAILS Y; > Also, does psad block any IP addresses? Or does it seem to single the > one you have above out to ignore? > psad doesn't block any IP with DL >= 3.
Regards. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ psad-discuss mailing list psad-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/psad-discuss
