Posted on 2007-5-9 17:27:11
1. In ROS, I took this command from demo2.mt.lv:
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections" disabled=no
2. For English
From Netfilter.org:
3.12 psd patch
This patch by Dennis Koslowski adds a new match that will attempt to detect port scans.
In its simplest form, psd match can be used as follows :
# iptables -A INPUT -m psd -j DROP
# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere psd weight-threshold: 21 delay-threshold: 300 lo-ports-weight: 3 hi-ports-weight: 1
Supported options for psd match are :
[--psd-weight-threshold threshold]
-> Portscan detection weight threshold
[--psd-delay-threshold delay]
-> Portscan detection delay threshold
[--psd-lo-ports-weight lo]
-> Privileged ports weight
[--psd-hi-ports-weight hi]
-> High ports weight
Values here appear as in the MT documentation, with the exception of Delay Threshold, which is 300 here and 3s in the MT documentation.
I'd suggest a review of the web documentation for IPTABLES and PSD for more information.
3. For Chinese
CONFIG_IP_NF_MATCH_PSD: supports port scan detection (PSD: Port Scan Detection). It can detect TCP and UDP port scans. It is derived from Solar Designer's scanlogd.
Supported options:
--psd-weight-threshold
Total weight of the TCP/UDP packets sent from the same host to different destination ports that is treated as a port scan sequence
--psd-delay-threshold
Delay (in hundredths of a second) between packets sent from the same host to different destination ports that is treated as a possible port scan subsequence
--psd-lo-ports-weight
Weight of privileged destination ports, i.e. destination ports <=1024
--psd-hi-ports-weight
Weight of unprivileged destination ports (>1024).
Example: iptables -A INPUT -m psd -j DROP
CONFIG_IP_NF_MATCH_RPC: supports two modules, ip_conntrack_rpc_udp and ip_conntrack_rpc_tcp (used to track UDP and TCP portmapper requests respectively), and adds record_rpc to iptables (used to match whether the packet's source address has already sent a portmapper request, or is a new GET request to the portmapper, so that RPC filtering is allowed).
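As an added example (not part of the original post, and not MikroTik's or Netfilter's code), here is a small Python model of how the four psd parameters from the quoted rule (weight threshold 21, delay threshold 3s/300, lo-ports weight 3, hi-ports weight 1) combine to decide when a source host counts as a port scanner. Assumptions: the weight accounting below is a simplified user-space model of the documented semantics (each new destination port adds its weight, a gap longer than the delay threshold resets the sequence), not the kernel module's implementation; the addresses, ports and timestamps are constructed sample traffic.

```python
from dataclasses import dataclass, field

# Parameters taken from the rule quoted in the post (psd=21,3s,3,1 in
# RouterOS; weight-threshold 21, delay-threshold 300 hundredths of a second,
# lo-ports-weight 3, hi-ports-weight 1 in the iptables listing).
WEIGHT_THRESHOLD = 21
DELAY_THRESHOLD_S = 3.0      # 300 hundredths of a second
LO_PORTS_WEIGHT = 3
HI_PORTS_WEIGHT = 1
PRIVILEGED_MAX_PORT = 1024   # the post counts ports <= 1024 as privileged


@dataclass
class HostState:
    """Per-source-host scan evidence: accumulated weight, time of the last
    packet, and the distinct destination ports already counted."""
    weight: int = 0
    last_seen: float = 0.0
    ports: set = field(default_factory=set)


class PortScanDetector:
    """Simplified user-space model of how psd's four parameters interact.
    Assumption: this follows the documented semantics (weight per distinct
    destination port, a delay window that resets the sequence), not the
    kernel module's actual code."""

    def __init__(self, weight_threshold=WEIGHT_THRESHOLD,
                 delay_threshold_s=DELAY_THRESHOLD_S,
                 lo_ports_weight=LO_PORTS_WEIGHT,
                 hi_ports_weight=HI_PORTS_WEIGHT):
        self.weight_threshold = weight_threshold
        self.delay_threshold_s = delay_threshold_s
        self.lo_ports_weight = lo_ports_weight
        self.hi_ports_weight = hi_ports_weight
        self.hosts = {}

    def observe(self, src, dport, ts):
        """Account one packet. Returns True when this packet pushes the
        source host's weight to the threshold (i.e. the rule would match)."""
        state = self.hosts.get(src)
        # A gap longer than the delay threshold ends the current sequence.
        if state is None or ts - state.last_seen > self.delay_threshold_s:
            state = HostState()
            self.hosts[src] = state
        state.last_seen = ts
        # Only a new destination port adds evidence; repeated connections
        # to the same service (a normal client) do not accumulate weight.
        if dport in state.ports:
            return False
        state.ports.add(dport)
        if dport <= PRIVILEGED_MAX_PORT:
            state.weight += self.lo_ports_weight
        else:
            state.weight += self.hi_ports_weight
        return state.weight >= self.weight_threshold


def detect_scanners(packets, detector=None):
    """Run packets (ts, src, dport) through the detector in time order.
    Returns {src: dport} for the packet that first crossed the threshold."""
    detector = detector or PortScanDetector()
    flagged = {}
    for ts, src, dport in sorted(packets):
        if src not in flagged and detector.observe(src, dport, ts):
            flagged[src] = dport
    return flagged


def sample_packets():
    """Constructed traffic (documentation addresses, not real hosts)."""
    pkts = []
    # Fast sweep of privileged ports: 7 distinct ports x weight 3 = 21.
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143]):
        pkts.append((10.0 + i * 0.1, "198.51.100.7", port))
    # Normal client: repeated connections to two services only.
    for i, port in enumerate([443, 80, 443, 443, 80, 443]):
        pkts.append((10.0 + i * 0.5, "203.0.113.5", port))
    # Slow probing: 5 s between packets exceeds the 3 s delay, so the
    # sequence resets each time and weight never accumulates.
    for i, port in enumerate(range(21, 31)):
        pkts.append((10.0 + i * 5.0, "192.0.2.9", port))
    # High-port sweep: weight 1 each, so 21 distinct ports are needed.
    for i, port in enumerate(range(8000, 8030)):
        pkts.append((10.0 + i * 0.05, "192.0.2.44", port))
    return pkts


if __name__ == "__main__":
    for src, port in detect_scanners(sample_packets()).items():
        print(f"{src} matched psd at destination port {port}")
```

Running it shows the point of the two weights: the privileged-port sweep matches after only 7 ports, the high-port sweep needs 21, and the slow probe at 5 s intervals never matches at all, which is exactly the case the delay threshold (3s here versus the 300 in the iptables listing) controls.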