Temporary IP Entries: If port scan specify which port it

Post Reply
Ilia
Junior Member
Posts: 98
Joined: 09 Feb 2013, 08:47

Temporary IP Entries: If port scan specify which port it

Post by Ilia »

It's possible to see port reference by all IPs in "View iptables log" but ti would be much quicker to have it right in "Temporary IP Entries", sometjong like this:

Instead of:

Code: Select all

DENY	222.189.238.144	*	in	23h 55m 58s	lfd - *Port Scan* detected from 222.189.238.144 (CN/China/Jiangsu/Nanjing/-). 3 hits in the last 135 seconds
Add the port number for easy understanding which port was accessed:

Code: Select all

DENY	222.189.238.144	*	in	23h 55m 58s	lfd - *Port Scan* detected from 222.189.238.144 (CN/China/Jiangsu/Nanjing/-), on port 14235, 3 hits in the last 135 seconds
Sounds good? Is it possible?
Top
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: Temporary IP Entries: If port scan specify which port it

Post by ForumAdmin »

The problem there is that a Port Scan can be triggered by a long list of ports, so this wouldn't necessarily be practical.
Top
Ilia
Junior Member
Posts: 98
Joined: 09 Feb 2013, 08:47

Re: Temporary IP Entries: If port scan specify which port it

Post by Ilia »

OK, then add a HTML title attribute to:

Code: Select all

*Port Scan*
And when you hover on it, the comma separated list would show up!

How about that?
Top
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: Temporary IP Entries: If port scan specify which port it

Post by ForumAdmin »

No, it's not something we intend to implement. The detail for the port scan, as with all blocks, is sent in the email from lfd when the block occurs and you should reference that for more detail.
Top
Post Reply

Return to “Suggestions (csf)”