On Tue, 2003-04-08 at 20:22, Peteris Krumins wrote:
> hello,
>
> I was just testing psd match and w/ ftp active mode.
>
> I created 10000 files on the ftp server and set my ftp client to
> active mode and let it download those files while having
> `iptables -A INPUT -p tcp -m psd -j REJECT --reject-with tcp-reset`
> (with psd default threshold/weight values).
> The psd matched 3136 packets.
>
> Ftp server went mad issuing:
> 425: Unable to build data connection: Connection refused
>
> This means I cannot rely on psd and block 'possible portscans'?
> Any suggestions?

What are you trying to accomplish? If you want it to block all the packets then set the threshold higher/longer and you'll catch most. If you want it to NOT catch them, then set it shorter.

Do you anticipate a production situation where you will have 10000 sequential FTP connections that you want to get through in a short time, or are you trying to simulate a rapid succession of destport accesses? (were they sequential, or was the client pulling several at a time, like 4 simultaneous transfers?)

j
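As an added illustration of the threshold discussion above (my own example, not code from the thread or from the psd module), the following Python models psd's port-weight heuristic and feeds it constructed active-mode FTP traffic, where the server opens one new data connection per file to a fresh ephemeral port on the client. The default values and the window reset behaviour are my recollection of the psd man page and a simplification, so treat them as assumptions.

```python
# Added example: simplified model of the iptables psd match heuristic.
# Assumed defaults (from the psd man page as recalled, NOT verified here):
# --psd-weight-threshold 21, --psd-delay-threshold 300 (1/100 s units, 3 s),
# --psd-lo-ports-weight 3 (ports < 1024), --psd-hi-ports-weight 1.
from typing import Iterable, Tuple

DEFAULT_WEIGHT_THRESHOLD = 21
DEFAULT_DELAY_THRESHOLD = 3.0   # seconds
LO_PORTS_WEIGHT, HI_PORTS_WEIGHT = 3, 1   # privileged ports weigh more


def count_psd_matches(syns: Iterable[Tuple[float, int]],
                      weight_threshold: int = DEFAULT_WEIGHT_THRESHOLD,
                      delay_threshold: float = DEFAULT_DELAY_THRESHOLD) -> int:
    """Count SYNs from a single source that would match -m psd.

    syns: (timestamp_seconds, destination_port) pairs from one source IP.
    Weight accumulates per distinct port inside a delay window; once it
    reaches the threshold, every further SYN in that window matches (and is
    REJECTed by the rule quoted in the thread). Window reset is simplified.
    """
    window_start, weight, seen_ports, matches = None, 0, set(), 0
    for ts, dport in syns:
        if window_start is None or ts - window_start > delay_threshold:
            window_start, weight, seen_ports = ts, 0, set()   # new window
        if dport not in seen_ports:
            seen_ports.add(dport)
            weight += LO_PORTS_WEIGHT if dport < 1024 else HI_PORTS_WEIGHT
        if weight >= weight_threshold:
            matches += 1
    return matches


def active_ftp_syns(n_files: int, interval: float, first_port: int = 40000):
    """Constructed traffic: one server->client data SYN per file, each to a
    new ephemeral port, spaced `interval` seconds apart."""
    return [(i * interval, first_port + i) for i in range(n_files)]


def sequential_scan_syns(ports: Iterable[int], interval: float):
    """Constructed traffic: a plain sequential probe of the given ports."""
    return [(i * interval, p) for i, p in enumerate(ports)]


if __name__ == "__main__":
    ftp = active_ftp_syns(100, 0.01)                       # 100 files in 1 s
    print(count_psd_matches(ftp))                          # 80 with defaults
    print(count_psd_matches(ftp, weight_threshold=200))    # 0 once raised
    print(count_psd_matches(sequential_scan_syns(range(1, 31), 0.05)))  # 24
```

The point the numbers make: a burst of fresh high-port data connections accumulates weight exactly like a scan of high ports, so with the defaults most of the burst is rejected, while a threshold above the expected burst size lets the transfer through but still catches a probe of privileged ports, which weigh three times as much.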