On Thursday 2011-08-11 16:32, andreas wrote: >On 08/11/2011 03:54 PM, Jan Engelhardt wrote: >>> On Thursday 2011-08-11 12:16, andreas wrote: >>> >>>>> Hi, >>>>> >>>>> But i can't get psd to detect nmap UDP scans. 15:08 < norg> >>>>> xv7: it's the commit adabd647b1d0421f961b5cc3808128001facb9bd >>> >>> Oh yeah, that is strikingly obvious. Fixed in commit >>> v1.37-5-g6c17eb4 (psd branch). >>> > >Is working now with nmap -sU scans. Thanks. >Also Thanks for the further informations. > >So still one question open. What is the reason, that ACK Scans aren't >detected (with nmap -sA $IP)? They should be classified as -m conntrack --ctstate INVALID, since they won't match anything preexisting. Assuming this is not the case (e.g. due to liberal pickup of connections, see a similarly named sysctl), how else would you determine that they are not real? -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
