Hi all,
I am implementing PSD (Port Scan Detection) on a Mirkotik Rb1100, ROS 5.21
The PSD values 21,3s,3,1 as I can understand, works as follows; during a 3 second time period the system register secuential port connections UDP and TCP and asign a value to each one of this connections, 3 points to connections under port 1024 and 1 point to connections over port 1024.
If the sum of all the connections from the same IP during the last 3 second period is bigger than threshold weight, 21, the requirements feets and the action is applied for this rule.
But, What happend with slow port scanning?
I have tried to change the PSD values using console and set command and it has not been possible, the system returns a “no such item”
Is this a bug or is there any reason not to allow modification of these values?
Best regards