Revision 1480, 1.1 kB (checked in by mbr, 3 years ago)

implemented the ability to assign danger levels based on tcp/udp port numbers

- Property svn:eol-style set to native
- Property svn:keywords set to Author Date Id Revision
```
#
#############################################################################
#
# This file is used by psad to elevate/decrease the danger levels of IP
# addresses (or networks in CIDR notation) so that psad does not have to
# apply the normal signature logic. This is useful if certain IP addresses
# or networks are known trouble makers and should automatically be assigned
# higher danger levels than would normally be assigned. Also, psad can be
# made to ignore certain IP addresses or networks if a danger level of "0" is
# specified. Optionally, danger levels for IPs/networks can be influenced
# based on protocol (tcp, udp, icmp).
#
#############################################################################
#
# $Id$
#

# <IP address> <danger level> <optional protocol>/<optional ports>;
#
# Examples:
#
# 10.111.21.23 5; # Very bad IP.
# 127.0.0.1 0; # Ignore this IP.
# 10.10.1.0/24 0; # Ignore traffic from this entire class C.
# 192.168.10.4 3 tcp; # Assign danger level 3 if protocol is tcp.
# 10.10.1.0/24 3 tcp/1-1024; # Danger level 3 for tcp port range
```
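A validator and lookup for the entry format described in the file's comments, useful for checking a hand-edited list before deploying it. This is an added example, not psad's own parsing code; the function names, the 0-5 level range, acceptance of a single port, and the first-match order in `danger_level` are assumptions of the example.

```python
import ipaddress
import re

# Shape from the file's format comment:
#   <IP address> <danger level> <optional protocol>/<optional ports>;
# Assumption of this example: danger levels run from 0 (ignore) to 5.
ENTRY_RE = re.compile(
    r"^(?P<net>\S+)\s+(?P<dl>[0-5])"
    r"(?:\s+(?P<proto>tcp|udp|icmp)(?:/(?P<lo>\d+)(?:-(?P<hi>\d+))?)?)?\s*;$"
)

def parse_entry(line):
    """Parse one line; None for blank/comment lines, ValueError if malformed."""
    body = line.split("#", 1)[0].strip()
    if not body:
        return None
    m = ENTRY_RE.match(body)
    if not m:
        raise ValueError(f"malformed entry: {line!r}")
    net = ipaddress.ip_network(m["net"], strict=False)  # bare IP becomes a /32
    ports = None
    if m["lo"] is not None:  # single port (tcp/22) accepted as an assumption
        if m["proto"] == "icmp":
            raise ValueError(f"ports only apply to tcp/udp: {line!r}")
        lo, hi = int(m["lo"]), int(m["hi"] or m["lo"])
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {line!r}")
        ports = range(lo, hi + 1)
    return {"net": net, "level": int(m["dl"]), "proto": m["proto"], "ports": ports}

def danger_level(entries, src, proto, dport=None):
    """Level of the first matching entry, else None (match order is assumed)."""
    addr = ipaddress.ip_address(src)
    for e in entries:
        if addr not in e["net"] or e["proto"] not in (None, proto):
            continue
        if e["ports"] is not None and dport not in e["ports"]:
            continue
        return e["level"]
    return None

# Constructed sample, modelled on the examples in the file's comments.
SAMPLE = """\
10.111.21.23 5;              # Very bad IP.
10.10.1.0/24 3 tcp/1-1024;   # Danger level 3 for tcp port range
192.168.10.4 3 tcp;          # Assign danger level 3 if protocol is tcp.
127.0.0.1    0;              # Ignore this IP.
"""
ENTRIES = [e for e in map(parse_entry, SAMPLE.splitlines()) if e]
```

A `None` result means no entry applies and the normal signature logic decides; a result of `0` is an explicit ignore, so callers should compare against `None` rather than test truthiness.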