On Aug 06, 2010, Rodney McKee wrote:

> What's the best way to deal with scans against firewalls with multiple 
> external addresses?
> At the moment I'm getting alerts for each external address individually.

(Sorry for the delayed response.)

Do you want to ignore some of the external addresses altogether?  Or
summarize them in some way?  If you want to ignore some of the addresses,
you can do this with the auto_dl file.  Beyond that, I'm not sure I know
of a good way to summarize things - basically psad just interprets what
the iptables policy produces in terms of log data.  You could restrict
logging via the policy as well.

Thanks,

--Mike

> 
> Cheers,
> Rodney
> 
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
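
One way to summarize the iptables log data mentioned in the reply, as an added example that is not part of the original thread and not psad code: it groups LOG lines by source address, so a scan across several external addresses becomes one entry per source. The log lines are constructed, and `summarize`, `report` and `min_dsts` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample lines in the key=value format written by the iptables LOG target.
SAMPLE_LOG = """\
Aug  6 10:01:02 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40000 DPT=22 SYN
Aug  6 10:01:03 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.11 PROTO=TCP SPT=40001 DPT=22 SYN
Aug  6 10:01:04 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.12 PROTO=TCP SPT=40002 DPT=23 SYN
Aug  6 10:02:10 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.55 DST=203.0.113.10 PROTO=UDP SPT=5353 DPT=53
Aug  6 10:03:00 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.12 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def summarize(log_text, min_dsts=2):
    """Group logged packets by source; keep sources seen on >= min_dsts destinations."""
    per_src = defaultdict(lambda: {"dsts": set(), "ports": set(), "packets": 0})
    for line in log_text.splitlines():
        fields = {}
        # Keep the first value of each key: ICMP error lines repeat SRC=/DST=
        # for the embedded packet inside [...], which must not override the outer header.
        for key, value in FIELD.findall(line):
            fields.setdefault(key, value)
        if "SRC" not in fields or "DST" not in fields:
            continue  # not a packet log line
        entry = per_src[fields["SRC"]]
        entry["dsts"].add(fields["DST"])
        entry["packets"] += 1
        if fields.get("DPT", "").isdigit():  # ICMP lines carry no DPT
            entry["ports"].add((fields.get("PROTO", "?"), int(fields["DPT"])))
    return {s: e for s, e in per_src.items() if len(e["dsts"]) >= min_dsts}


def report(summary):
    """One line per source instead of one alert per external address."""
    lines = []
    for src in sorted(summary):
        e = summary[src]
        ports = ",".join(f"{proto}/{port}" for proto, port in sorted(e["ports"]))
        lines.append(f"{src}: {e['packets']} packets to {len(e['dsts'])} "
                     f"addresses ({', '.join(sorted(e['dsts']))}) ports {ports}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```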
