PSD netfilter patch


This patch by Dennis Koslowski <dkoslowski@astaro.de> adds a new match that will attempt to detect port scans.

In its simplest form, the psd match can be used as follows:

# iptables -A INPUT -m psd -j DROP

# iptables --list
Chain INPUT (policy ACCEPT)
target  prot opt source    destination
DROP    all  --  anywhere  anywhere    psd weight-threshold: 21 delay-threshold: 300 lo-ports-weight: 3 hi-ports-weight: 1

Supported options for the psd match are:

[--psd-weight-threshold threshold]
-> Portscan detection weight threshold
[--psd-delay-threshold delay]
-> Portscan detection delay threshold
[--psd-lo-ports-weight lo]
-> Privileged ports weight
[--psd-hi-ports-weight hi]
-> High ports weight