Detect Topera IPv6 scans when IP options are logged
Added detection for Topera IPv6 scans when --log-ip-options is used in
the ip6tables logging rule. When this option is not used, the previous psad-2.2 release detected Topera scans. An example TCP SYN packet
generated by Topera when --log-ip-options is used looks like this (note the series of empty IP options strings "OPT ( )":
Dec 20 20:10:40 rohan kernel: [ 488.495776] DROP IN=eth0 OUT= MAC=00:1b:b9:76:9c:e4:00:13:46:3a:41:36:86:dd
SRC=2012:1234:1234:0000:0000:0000:0000:0001 DST=2012:1234:1234:0000:0000:0000:0000:0002 LEN=132 TC=0 HOPLIMIT=64
FLOWLBL=0 OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) PROTO=TCP SPT=61287 DPT=1 WINDOW=8192 RES=0x00 SYN
URGP=0
projects / psad.git / commit