ConfigServer Community Forum

Posted: **26 Feb 2014, 12:11**

It's possible to see port reference by all IPs in "View iptables log" but ti would be much quicker to have it right in "Temporary IP Entries", sometjong like this:

Instead of:

Code: Select all

DENY	222.189.238.144	*	in	23h 55m 58s	lfd - *Port Scan* detected from 222.189.238.144 (CN/China/Jiangsu/Nanjing/-). 3 hits in the last 135 seconds

Add the port number for easy understanding which port was accessed:

Code: Select all

DENY	222.189.238.144	*	in	23h 55m 58s	lfd - *Port Scan* detected from 222.189.238.144 (CN/China/Jiangsu/Nanjing/-), on port 14235, 3 hits in the last 135 seconds

Sounds good? Is it possible?

Posted: **27 Feb 2014, 10:22**

The problem there is that a Port Scan can be triggered by a long list of ports, so this wouldn't necessarily be practical.

Posted: **27 Feb 2014, 10:25**

OK, then add a HTML title attribute to:

Code: Select all

*Port Scan*

And when you hover on it, the comma separated list would show up!

How about that?

Posted: **27 Feb 2014, 10:29**

No, it's not something we intend to implement. The detail for the port scan, as with all blocks, is sent in the email from lfd when the block occurs and you should reference that for more detail.

ConfigServer Community Forum

Temporary IP Entries: If port scan specify which port it

Temporary IP Entries: If port scan specify which port it

Re: Temporary IP Entries: If port scan specify which port it

Re: Temporary IP Entries: If port scan specify which port it

Re: Temporary IP Entries: If port scan specify which port it