Configure PSAD to ignore certain IP ranges

This post will show you how to configure Port Scan Attack Detector (or PSAD) to ignore specific IP ranges.

What is PSAD?

PSAD is a collection of lightweight system daemons that run on Linux. To detect port scans and other suspicious traffic, you use PSAD to analyze the ‘iptables‘ log messages. Visit http://cipherdyne.org/psad/ for more information about PSAD.

Examples of PSAD Alerts

Here are some examples of PSAD email alerts:

Home Network

[psad-alert] DL3 src: 192.168.1.103 dst: ap-op-mars.local
NetRange: 192.168.0.0 – 192.168.255.255
CIDR: 192.168.0.0/16
Comment: This is a computer on the local network.

Google DNS

[psad-alert] DL2 src: google-public-dns-a.google.com dst: ap-op-mars.local
NetRange: 8.0.0.0 – 8.127.255.255
CIDR: 8.0.0.0/9
Comment: Google DNS services are interacting with the local pc.

Local

[psad-alert] DL5 src: thehost.com dst: thehost.com
NetRange: 127.0.0.0 – 127.255.255.255
CIDR: 127.0.0.0/8
Comment: This is the local pc.

How to Ignore IP Ranges in PSAD

Open the PSAD /etc/psad/auto_dl file and add the following lines:

127.0.0.0/8         0;              # Ignore on server calls
192.168.0.0/16      0;          # Ignore home network
8.0.0.0/9           0;               #ignore goodle dns

Restart PSAD when you updated the auto_dl file:

sudo service psad restart

Wrapping up

Adjusting the IP rules for PSAD is quite easy! Need more help? Then read ‘blocking port scan attack‘ by OpenToDo for some brilliant in-depth information.

You may also be interested in

About Anto Online

Anto, a seasoned technologist with over two decades of experience, has traversed the tech landscape from Desktop Support Engineer to enterprise application consultant, specializing in AWS serverless technologies. He guides clients in leveraging serverless solutions while passionately exploring cutting-edge cloud concepts beyond his daily work. Anto's dedication to continuous learning, experimentation, and collaboration makes him a true inspiration, igniting others' interest in the transformative power of cloud computing.

View all posts by Anto Online

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.