Thanks for your attention, but unfortunately the psd match doesn't handle portsweep attacks. It only handles portscan attacks; as you know, in a portscan an attacker scans many ports on a specific destination, but in a portsweep an attacker scans a few ports on many destinations.

--- On Tue, 9/23/08, Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> wrote:

From: Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx>
Subject: Re: Portsweep
To: "Mail List - Netfilter" <netfilter@xxxxxxxxxxxxxxx>
Date: Tuesday, September 23, 2008, 4:36 PM

On 09/23/08 01:51, bahamin takhtaei wrote:
> Do you know how to use iptables against Portsweep attacks?

There used to be a Port Scan Detection (psd) match extension that would help detect this more easily. I.e. did it look like a system was initiating a port scan, and if so, handle it accordingly (drop / reject / tar pit / etc.).

I don't know what the current state of the psd match is, so you will have to find out.

Grant. . . .

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
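
The portscan/portsweep distinction drawn in this thread, as an added example that is not from the list posts and is not how the psd match works: a log classifier that counts distinct ports per (source, destination) pair and distinct destinations per (source, port) pair. The thresholds, function names and the constructed iptables LOG-style sample lines are assumptions.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

def parse(line):
    """Return (src, dst, dport) from an iptables LOG-style line, or None."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "DST", "DPT"} <= f.keys() or not f["DPT"].isdigit():
        return None
    return f["SRC"], f["DST"], int(f["DPT"])

def classify(lines, port_threshold=5, host_threshold=5):
    """Label each source as portscan and/or portsweep (thresholds are assumed)."""
    ports_per_pair = defaultdict(set)  # (src, dst) -> distinct destination ports
    hosts_per_port = defaultdict(set)  # (src, dport) -> distinct destinations
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # not a packet log line
        src, dst, dport = rec
        ports_per_pair[(src, dst)].add(dport)
        hosts_per_port[(src, dport)].add(dst)
    findings = defaultdict(set)
    for (src, _dst), ports in ports_per_pair.items():
        if len(ports) >= port_threshold:   # many ports, one destination
            findings[src].add("portscan")
    for (src, _dport), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:   # one port, many destinations
            findings[src].add("portsweep")
    return {src: sorted(kinds) for src, kinds in findings.items()}

def build_sample():
    """Constructed log lines (documentation addresses, not real traffic)."""
    tmpl = "kernel: IN=eth0 OUT= SRC={} DST={} PROTO=TCP SPT=40000 DPT={} SYN"
    lines = [tmpl.format("203.0.113.7", "192.0.2.10", p) for p in (21, 22, 23, 25, 80, 443)]
    lines += [tmpl.format("198.51.100.9", f"192.0.2.{h}", 22) for h in range(1, 9)]
    lines += [tmpl.format("198.51.100.50", "192.0.2.10", 443)] * 3
    lines.append("kernel: unrelated message")
    return lines

if __name__ == "__main__":
    for src, kinds in classify(build_sample()).items():
        print(src, kinds)
```

The example counts over the whole input; a deployed detector would also bound both counters to a time window so that slow, legitimate traffic does not accumulate into a finding.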