I am using Shorewall and Psad on Debian squeeze. Everything is working
perfectly and as per expectations, but I cannot make Psad block the
IP.

I am scanning the firewall from another Linux host with Nmap.

/var/log/messages (I will share it at the end) shows that psad is detecting
the packets, but it is not blocking the IP.

Oct 25 13:02:29 firewall psad: src: 10.x.x.17 signature match: "MISC HP Web JetAdmin communication attempt" (sid: 100084) tcp port: 8000
Oct 25 13:02:29 firewall psad: src: 10.x.x.17 signature match: "DOS arkiea backup communication attempt" (sid: 282) tcp port: 617
Oct 25 13:02:29 firewall psad: src: 10.x.x.17 signature match: "MISC Microsoft PPTP communication attempt" (sid: 100082) tcp port: 1723
Oct 25 13:02:29 firewall psad: src: 10.x.x.17 signature match: "MISC MS Terminal Server communication attempt" (sid: 100077) tcp port: 3389
Oct 25 13:02:29 firewall psad: src: 10.x.x.17 signature match: "MISC VNC communication attempt" (sid: 100202) tcp port: 5900
Oct 25 13:02:29 firewall psad: src: 10.x.x.17 signature match: "POLICY vncviewer Java applet communication attempt" (sid: 1846) tcp port: 5801
Oct 25 13:02:29 firewall psad: src: 10.x.x.17 signature match: "BACKDOOR Infector.1.x Connection attempt" (sid: 100040) tcp port: 146
Oct 25 13:02:29 firewall psad: src: 10.x.x.17 signature match: "P2P napster communication attempt" (sid: 100090) tcp port: 8888
Oct 25 13:02:29 firewall psad: src: 10.x.x.17 signature match: "BACKDOOR GateCrasher Connection attempt" (sid: 147) tcp port: 6969
Oct 25 13:02:29 firewall psad: src: 10.x.x.17 signature match: "P2P Napster Client Data communication attempt" (sid: 564) tcp port: 5555
Oct 25 13:02:29 firewall psad: scan detected: 10.x.x.17 -> 10.x.x.22 tcp: [3-65389] flags: SYN tcp pkts: 570 DL: 3



I tried several times and I see the log every time; however, Psad is not
proactively blocking the IP.

Any ideas? Please help.

Thanks,

Myk
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss