Search found 14 matches

by Domineaux
25 Jan 2013, 13:50
Forum: General Discussion (csf)
Topic: "port flood" treated as "port scan" resulting in blocks
Replies: 2
Views: 4494

Re: "port flood" treated as "port scan" resulting in blocks

Thank you for the work around but are you sure that this is really the intended functionality instead of a byproduct of the way the logs are searched? Seems like the "Port Flood" log entries were a good idea so we could tell if someone was getting throttled but the "Port Scan" fu...
by Domineaux
25 Jan 2013, 00:03
Forum: General Discussion (csf)
Topic: "port flood" treated as "port scan" resulting in blocks
Replies: 2
Views: 4494

"port flood" treated as "port scan" resulting in blocks

I have found that it a users IP gets throttled by the PORTFLOOD limit, it is logged as *Port Flood* but LFD seeing 11 of them (one more than the defined PS_LIMIT of 10) will result in LFD adding a temporary deny against the IP for "*Port Scan* detected".
by Domineaux
02 Jul 2012, 23:43
Forum: Report Bugs (csf)
Topic: Global ignore list seems to cause high CPU usage
Replies: 9
Views: 9007

Re: Global ignore list seems to cause high CPU usage

Thanks for the quick resolution Chirpy.
by Domineaux
02 Jul 2012, 21:59
Forum: Report Bugs (csf)
Topic: Global ignore list seems to cause high CPU usage
Replies: 9
Views: 9007

Re: Global ignore list seems to cause high CPU usage

Thanks that should help as a quick and dirty improvement.
Hope you can get a more refined way of handling into a future release.
by Domineaux
02 Jul 2012, 18:49
Forum: Report Bugs (csf)
Topic: Global ignore list seems to cause high CPU usage
Replies: 9
Views: 9007

Global ignore list seems to cause high CPU usage

Hello Chirpy, I have recently been seeing frequent high CPU usage reported for LFD processes that appears to occur during the retrieval of the global ignore list we use which contains around 100 specific IP addresses and 15 class C blocks like 123.123.123.0/24 . Is there any reason that you know of ...
by Domineaux
02 Aug 2011, 15:25
Forum: Report Bugs (csf)
Topic: advanced filters do not work for csf.dyndns
Replies: 2
Views: 3844

Re: advanced filters do not work for csf.dyndns

Wonderful Chirpy, thanks!
by Domineaux
21 Jul 2011, 22:23
Forum: Report Bugs (csf)
Topic: advanced filters do not work for csf.dyndns
Replies: 2
Views: 3844

advanced filters do not work for csf.dyndns

In the dyndns file (/etc/csf/csf.dyndns) it states: # Only list fully qualified domain names (FQDN's) in this file, either on their # own to allow full access, or using Advanced Allow/Deny Filters (see # readme.txt) I have tried using the following advanced filter rule: tcp|in|d=22|s=something.dyndn...
by Domineaux
25 Mar 2010, 18:28
Forum: Suggestions (cmc)
Topic: Easier Guide
Replies: 2
Views: 8957

I think the "add your own rules" part is what throws people off on this.
I would love to see a list of optional rule sets with check boxes so we could just check those we want and they are auto downloaded and installed.
by Domineaux
21 Oct 2009, 15:20
Forum: Suggestions (csf)
Topic: Global_dyndns option
Replies: 3
Views: 4473

Wow Chirpy, nice seeing the following added in the changelog already:

Code: Select all

         Added new options GLOBAL_DYNDNS, GLOBAL_DYNDNS_INTERVAL and
	 GLOBAL_DYNDNS_IGNORE which provide for retrieval of a global DYNDNS
	 list via URL
by Domineaux
11 Oct 2009, 17:22
Forum: Suggestions (csf)
Topic: Global_dyndns option
Replies: 3
Views: 4473

chirpy wrote:I've added the idea to the dev list for the future. Great idea :)

Wonderful Chirpy, I love global options personally.
Ever considered Global conf option like:

"GLOBAL_CONF = "htp://server/csf.conf"
(or maybe sections such as the lfd portion?)