I think the portscan detection must be happening before Packet filtering, etc... even with explicit block rules that block source IPs from attackers (mostly in china, a few in russia), the portscan detection is still triggered by the blocked source IPs. Mostly just annoying, I do see the block rule in iptables.
__________________
Convergent Information Security Solutions, LLC
Astaro Preferred Solution Partner
|