This post will show you how to configure Port Scan Attack Detector (or PSAD) to ignore specific IP ranges.
What is PSAD?
PSAD is a collection of lightweight system daemons that run on Linux. You use PSAD to analyze the ‘
Examples of PSAD Alerts
Here are some examples of PSAD email alerts:
Home Network
[psad-alert] DL3 src: 192.168.1.103 dst: ap-op-mars.local
NetRange: 192.168.0.0 – 192.168.255.255
CIDR: 192.168.0.0/16
Comment: This is a computer on the local network.
Google DNS
[psad-alert] DL2 src: google-public-dns-a.google.com dst: ap-op-mars.local
NetRange: 8.0.0.0 – 8.127.255.255
CIDR: 8.0.0.0/9
Comment: The Google DNS service is interacting with the local PC.
Local
[psad-alert] DL5 src: thehost.com dst: thehost.com
NetRange: 127.0.0.0 – 127.255.255.255
CIDR: 127.0.0.0/8
Comment: This is the local pc.
How to Ignore IP Ranges in PSAD
Open the PSAD /etc/psad/auto_dl file and add the following lines:
127.0.0.0/8 0; # Ignore on server calls
192.168.0.0/16 0; # Ignore home network
8.0.0.0/9 0; # Ignore Google DNS
Restart PSAD after you have updated the auto_dl file:
sudo service psad restart
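As an added example (not part of the original post or of PSAD itself), the Python script below parses auto_dl entries and flags danger-level-0 rules that silence large public ranges. It shows that the 8.0.0.0/9 entry above mutes alerts for about 8.4 million addresses, whereas the IPv4 addresses of Google Public DNS are 8.8.8.8 and 8.8.4.4. The function names, the internal-range list and the 256-address threshold are assumptions chosen for this illustration.

```python
import ipaddress

# Ranges treated as internal for this audit (loopback + RFC 1918). Assumption.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_auto_dl(text):
    """Yield (network, danger_level, proto_ports) for each auto_dl entry."""
    for raw in text.splitlines():
        # Drop trailing comments and the terminating semicolon.
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"malformed auto_dl entry: {raw!r}")
        net = ipaddress.ip_network(fields[0], strict=False)
        yield net, int(fields[1]), (fields[2] if len(fields) > 2 else None)

def audit_ignored(text, max_public_addresses=256):
    """Return (network, size) for level-0 entries that mute large public ranges."""
    findings = []
    for net, level, _ in parse_auto_dl(text):
        if level != 0:
            continue  # only danger level 0 makes PSAD ignore the source
        internal = any(net.version == 4 and net.subnet_of(i) for i in INTERNAL)
        if not internal and net.num_addresses > max_public_addresses:
            findings.append((str(net), net.num_addresses))
    return findings

# Constructed sample: the three entries from this post plus single-host alternatives.
SAMPLE = """\
127.0.0.0/8 0; # Ignore on server calls
192.168.0.0/16 0; # Ignore home network
8.0.0.0/9 0; # Ignore Google DNS
8.8.8.8 0; # Google Public DNS, single host
8.8.4.4 0; # Google Public DNS, single host
"""

if __name__ == "__main__":
    for net, count in audit_ignored(SAMPLE):
        print(f"WARNING: {net} is public and mutes alerts for {count:,} addresses")
```

Running it against a copy of /etc/psad/auto_dl before restarting PSAD shows which ignore rules are wider than the hosts they were meant to cover.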
In Conclusion
Adjusting the IP rules for PSAD is quite easy! Need more help? Then read ‘blocking port scan attack‘ by OpenToDo for some brilliant in-depth information.
About the Authors
Each member of Anto's editorial team is a Cloud expert in their own right. Anto Online takes great pride in helping fellow Cloud enthusiasts. Let us know if you have an excellent idea for the next topic!