


psad keeps removing and adding bad IP even though bad IP set in auto_dl

















I've set a bad IP to auto_dl with DL 5. This IP keeps hammering my server. So, I thought it'd be a good idea to put it in this file. Unfortunately, I've got this:



```
# systemctl status psad
mai 28 15:58:58 psad[30129]: src: 110.249.212.46 signature match: "BACKDOOR DoomJuice f
mai 28 15:58:58 psad[30129]: scan detected (Nmap -sT or -sS scan): 110.249.212.46 -> 19
mai 28 16:00:30 psad[30129]: src: 85.209.0.69 signature match: "MISC MS Terminal Server
mai 28 16:00:30 psad[30129]: scan detected (Nmap -sT or -sS scan): 85.209.0.69 -> 193.3
mai 28 16:01:42 psad[30129]: removed iptables auto-block against 92.118.37.81
mai 28 16:01:57 psad[30129]: scan detected (Nmap -sT or -sS scan): 92.118.37.81 -> 193.
mai 28 16:01:57 psad[30129]: added iptables auto-block against 92.118.37.81 (unlimited
mai 28 16:02:23 psad[30129]: removed iptables auto-block against 92.118.37.81
mai 28 16:02:28 psad[30129]: scan detected (Nmap -sT or -sS scan): 92.118.37.81 -> 193.
mai 28 16:02:28 psad[30129]: added iptables auto-block against 92.118.37.81
```


When I input psad -S, I get:



```
# psad -S

[+] Top 25 attackers:
92.118.37.81 DL: 5, Packets: 10, Sig count: 0


iptables auto-blocked IPs:
92.118.37.81 (unlimited timeout)
[expired timeout, sending cleanup message]
```


Unfortunately, after some time, the bad IP disappears:



```
iptables auto-blocked IPs:
[NONE]
```


I'd like the bad IP to remain blocked. I thought the auto_dl file would enable that, but it does not. What I also find bizarre is the conflicting statements: unlimited timeout vs. expired timeout.



It used to work properly, then suddenly, for no reason, psad keeps removing and adding the IP. The IP is normally of DL 2, but I set it to DL 5 in the auto_dl file.



My psad.conf settings are:





  • ENABLE_AUTO_IDS set to Y
  • AUTO_IDS_DANGER_LEVEL set to 4
  • ENABLE_AUTO_IDS_EMAILS set to Y
  • EMAIL_ALERT_DANGER_LEVEL set to 4
  • IPT_SYSLOG_FILE set to /var/log/syslog
  • AUTO_BLOCK_TIMEOUT set to 3600










      iptables psad
















      asked 2 hours ago









      Faxopita
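A diagnostic sketch for the symptom described in the question, added here as an example and not part of the original post: it pairs the "added"/"removed" auto-block lines from the quoted journal excerpt and reports how long each block actually lasted, so the result can be compared with AUTO_BLOCK_TIMEOUT. The function names are hypothetical, and the code assumes all lines fall on the same day.

```python
import re
from datetime import datetime

# Journal lines copied from the question's excerpt (truncated as shown there).
SAMPLE = """\
mai 28 16:01:42 psad[30129]: removed iptables auto-block against 92.118.37.81
mai 28 16:01:57 psad[30129]: scan detected (Nmap -sT or -sS scan): 92.118.37.81 -> 193.
mai 28 16:01:57 psad[30129]: added iptables auto-block against 92.118.37.81 (unlimited
mai 28 16:02:23 psad[30129]: removed iptables auto-block against 92.118.37.81
mai 28 16:02:28 psad[30129]: scan detected (Nmap -sT or -sS scan): 92.118.37.81 -> 193.
mai 28 16:02:28 psad[30129]: added iptables auto-block against 92.118.37.81
"""

# Only the time of day is parsed, so the month name's locale does not matter.
EVENT = re.compile(
    r"(\d{2}:\d{2}:\d{2}) psad\[\d+\]: (added|removed) "
    r"iptables auto-block against (\d{1,3}(?:\.\d{1,3}){3})"
)

def block_lifetimes(text):
    """Return ({ip: [seconds, ...]}, [ips still blocked at end of excerpt])."""
    open_since = {}   # ip -> time of the most recent "added" without a "removed"
    lifetimes = {}    # ip -> duration of each completed added->removed pair
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%H:%M:%S")  # assumption: same day
        action, ip = m.group(2), m.group(3)
        if action == "added":
            open_since[ip] = ts
        elif ip in open_since:
            seconds = int((ts - open_since.pop(ip)).total_seconds())
            lifetimes.setdefault(ip, []).append(seconds)
        # a "removed" with no earlier "added" in the excerpt is ignored
    return lifetimes, sorted(open_since)

def flapping(text, timeout):
    """IPs with at least one block that was lifted before `timeout` seconds."""
    lifetimes, _ = block_lifetimes(text)
    return {ip: secs for ip, secs in lifetimes.items()
            if any(s < timeout for s in secs)}

if __name__ == "__main__":
    # 3600 is the AUTO_BLOCK_TIMEOUT value stated in the question.
    print(flapping(SAMPLE, 3600))
```
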





















