This variable allows you to define the minimum range of ports that must be scanned before psad will assign a danger level to a port scan. By default, PORT_RANGE_SCAN_THRESHOLD is set to one, which means that at least two different ports must be scanned before a danger level of one is reached. In other words, an IP address could repeatedly scan a single port and psad would never send an alert. (Alerts are not sent for any activity that does not have at least a danger level of one assigned, and psad can be configured not to send alerts until a minimum danger level from one to five is reached; see "EMAIL_ALERT_DANGER_LEVEL" below.) If you don't want psad to factor in the range of scanned ports at all, then set PORT_RANGE_SCAN_THRESHOLD to zero.

6 ulogd is the user space logging daemon provided by the Netfilter project to allow more flexible logging options than those provided by the standard LOG target. In particular, packets are managed by various ulogd plug-ins, which can do things such as log packets in pcap format to disk or even write them to a MySQL database. ulogd can be downloaded from http://www.gnumonks.org/projects.
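The effect of PORT_RANGE_SCAN_THRESHOLD on which sources can ever reach a danger level can be checked against your own firewall logs with a small model like the one below. This is an added example, not psad's code: the log lines are constructed, the function names are hypothetical, and "range" is assumed to mean the highest minus the lowest destination port seen from a source.

```python
import re
from collections import defaultdict

# Constructed iptables LOG lines (sample data, not from the original page).
SAMPLE_LOG = """\
Jul 11 10:00:01 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=22 SYN
Jul 11 10:00:02 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=22 SYN
Jul 11 10:00:03 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40003 DPT=22 SYN
Jul 11 10:00:04 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=80 SYN
Jul 11 10:00:05 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=443 SYN
"""

# Only the source address and destination port matter for this check.
FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")


def port_ranges(log_text):
    """Return {source IP: (lowest DPT, highest DPT, packet count)}."""
    ports = defaultdict(list)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Skip lines without a numeric destination port (e.g. ICMP).
        if "SRC" in fields and fields.get("DPT", "").isdigit():
            ports[fields["SRC"]].append(int(fields["DPT"]))
    return {src: (min(p), max(p), len(p)) for src, p in ports.items()}


def eligible_sources(log_text, threshold=1):
    """Sources whose scanned port range meets the threshold.

    Assumption: range = highest minus lowest destination port. With the
    default of 1 this requires two different ports; with 0 every source
    qualifies, so the port range is effectively not factored in.
    """
    return sorted(
        src
        for src, (lo, hi, _count) in port_ranges(log_text).items()
        if hi - lo >= threshold
    )


if __name__ == "__main__":
    for threshold in (1, 0):
        print(f"threshold={threshold}: {eligible_sources(SAMPLE_LOG, threshold)}")
```

With the default threshold the source that hits port 22 three times is never eligible, which is the blind spot the paragraph describes; setting the threshold to zero brings it back into scope.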
