On Fri, Jan 20, 2017 at 7:28 PM, Oğuz İsmail Uysal <
oguzismailuy...@gmail.com> wrote:
> I have installed and configured PSAD on my server (Ubuntu 16.04 LTS), it
> works very well when I scan ports with nmap and stuff. But, however, while
> scanning with a simple python script on Python 2.7.13 for Windows, it
> automatically changes client's IP address multiple times (although there is
> nothing about it in the script) and always finds the port. So how could I
> prevent it ? Will python know that my server has blocked it and so that it
> will change IP address ?
>
Your iptables policy is the main way to 1) block attempts to connect to
ports that you don't want people to see, and 2) log traffic that isn't
accepted. With this stance properly implemented, psad can detect scans, and
iptables block traffic that you don't want to allow. A changing IP
shouldn't matter in this regard, unless your iptables policy is making
assumptions about which IP addresses or networks. Sometimes this is
important too, but it depends on how you want your policy to filter traffic.
There is a sample script to set up an iptables policy in a manner
compatible with psad here:
http://www.cipherdyne.org/LinuxFirewalls/ch01/
--Mike
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
