Search found 14 matches
- 25 Jan 2013, 13:50
- Forum: General Discussion (csf)
- Topic: "port flood" treated as "port scan" resulting in blocks
- Replies: 2
- Views: 6016
Re: "port flood" treated as "port scan" resulting in blocks
Thank you for the work around but are you sure that this is really the intended functionality instead of a byproduct of the way the logs are searched? Seems like the "Port Flood" log entries were a good idea so we could tell if someone was getting throttled but the "Port Scan" fu...
- 25 Jan 2013, 00:03
- Forum: General Discussion (csf)
- Topic: "port flood" treated as "port scan" resulting in blocks
- Replies: 2
- Views: 6016
"port flood" treated as "port scan" resulting in blocks
I have found that it a users IP gets throttled by the PORTFLOOD limit, it is logged as *Port Flood* but LFD seeing 11 of them (one more than the defined PS_LIMIT of 10) will result in LFD adding a temporary deny against the IP for "*Port Scan* detected".
- 02 Jul 2012, 23:43
- Forum: Report Bugs (csf)
- Topic: Global ignore list seems to cause high CPU usage
- Replies: 9
- Views: 12485
Re: Global ignore list seems to cause high CPU usage
Thanks for the quick resolution Chirpy.
- 02 Jul 2012, 21:59
- Forum: Report Bugs (csf)
- Topic: Global ignore list seems to cause high CPU usage
- Replies: 9
- Views: 12485
Re: Global ignore list seems to cause high CPU usage
Thanks that should help as a quick and dirty improvement.
Hope you can get a more refined way of handling into a future release.
Hope you can get a more refined way of handling into a future release.
- 02 Jul 2012, 18:49
- Forum: Report Bugs (csf)
- Topic: Global ignore list seems to cause high CPU usage
- Replies: 9
- Views: 12485
Global ignore list seems to cause high CPU usage
Hello Chirpy, I have recently been seeing frequent high CPU usage reported for LFD processes that appears to occur during the retrieval of the global ignore list we use which contains around 100 specific IP addresses and 15 class C blocks like 123.123.123.0/24 . Is there any reason that you know of ...
- 02 Aug 2011, 15:25
- Forum: Report Bugs (csf)
- Topic: advanced filters do not work for csf.dyndns
- Replies: 2
- Views: 5157
Re: advanced filters do not work for csf.dyndns
Wonderful Chirpy, thanks!
- 21 Jul 2011, 22:23
- Forum: Report Bugs (csf)
- Topic: advanced filters do not work for csf.dyndns
- Replies: 2
- Views: 5157
advanced filters do not work for csf.dyndns
In the dyndns file (/etc/csf/csf.dyndns) it states: # Only list fully qualified domain names (FQDN's) in this file, either on their # own to allow full access, or using Advanced Allow/Deny Filters (see # readme.txt) I have tried using the following advanced filter rule: tcp|in|d=22|s=something.dyndn...
- 25 Mar 2010, 18:28
- Forum: Suggestions (cmc)
- Topic: Easier Guide
- Replies: 2
- Views: 40377
- 21 Oct 2009, 15:20
- Forum: Suggestions (csf)
- Topic: Global_dyndns option
- Replies: 3
- Views: 5594
Wow Chirpy, nice seeing the following added in the changelog already:
Code: Select all
Added new options GLOBAL_DYNDNS, GLOBAL_DYNDNS_INTERVAL and
GLOBAL_DYNDNS_IGNORE which provide for retrieval of a global DYNDNS
list via URL
- 11 Oct 2009, 17:22
- Forum: Suggestions (csf)
- Topic: Global_dyndns option
- Replies: 3
- Views: 5594
