* psd and active ftp mode
@ 2003-04-09 0:22 Peteris Krumins
2003-04-09 2:18 ` netfilter
2003-04-09 11:03 ` Martijn Lievaart
0 siblings, 2 replies; 3+ messages in thread
From: Peteris Krumins @ 2003-04-09 0:22 UTC (permalink / raw)
To: netfilter
hello,
i was just testing psd match and w/ ftp active mode.
I created 10000 files on the ftp server and set my ftp client to
active mode and let it download those files while having
`iptables -A INPUT -p tcp -m psd -j REJECT --reject-with tcp-reset`
(with psd default threshold/weigh values).
The psd matched 3136 packets.
Ftp server went mad issuing:
425: Unable to build data connection: Connection refused
This means i cannot relay on psd and block 'possible portscans'?
Any suggestions?
The same would happen, if i created some rules with limit match..
P.Krumins
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: psd and active ftp mode
2003-04-09 0:22 psd and active ftp mode Peteris Krumins
@ 2003-04-09 2:18 ` netfilter
2003-04-09 11:03 ` Martijn Lievaart
1 sibling, 0 replies; 3+ messages in thread
From: netfilter @ 2003-04-09 2:18 UTC (permalink / raw)
To: Peteris Krumins; +Cc: netfilter
On Tue, 2003-04-08 at 20:22, Peteris Krumins wrote:
> hello,
>
> i was just testing psd match and w/ ftp active mode.
>
> I created 10000 files on the ftp server and set my ftp client to
> active mode and let it download those files while having
> `iptables -A INPUT -p tcp -m psd -j REJECT --reject-with tcp-reset`
> (with psd default threshold/weigh values).
> The psd matched 3136 packets.
>
> Ftp server went mad issuing:
> 425: Unable to build data connection: Connection refused
>
> This means i cannot relay on psd and block 'possible portscans'?
> Any suggestions?
What are you trying to accomplish? If you want it to block all the
packets then set the threshold higher/longer and you'll catch most. If
you want it to NOT catch them, then set it shorter. Do you anticipate a
production situation where you will have 10000 sequential FTP
connections that you want to get through in a short time, or are you
trying to simulate a rapid succession of destport accesses? (were they
sequential, or was the client pulling several at a time, like 4
simultaneous transfers?)
j
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: psd and active ftp mode
2003-04-09 0:22 psd and active ftp mode Peteris Krumins
2003-04-09 2:18 ` netfilter
@ 2003-04-09 11:03 ` Martijn Lievaart
1 sibling, 0 replies; 3+ messages in thread
From: Martijn Lievaart @ 2003-04-09 11:03 UTC (permalink / raw)
To: Peteris Krumins; +Cc: netfilter
Peteris Krumins wrote:
>hello,
>
> i was just testing psd match and w/ ftp active mode.
>
> I created 10000 files on the ftp server and set my ftp client to
> active mode and let it download those files while having
> `iptables -A INPUT -p tcp -m psd -j REJECT --reject-with tcp-reset`
> (with psd default threshold/weigh values).
> The psd matched 3136 packets.
>
> Ftp server went mad issuing:
> 425: Unable to build data connection: Connection refused
>
> This means i cannot relay on psd and block 'possible portscans'?
> Any suggestions?
>
> The same would happen, if i created some rules with limit match..
>
>
>
I never have this problem. I think you should accept RELATED before the
psd match.
Martijn
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-04-09 11:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-04-09 0:22 psd and active ftp mode Peteris Krumins
2003-04-09 2:18 ` netfilter
2003-04-09 11:03 ` Martijn Lievaart
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox