Firewall, blocking host testing the same port many times?
I use the "psd" it work nice, but i miss a option:
The param "WeightThreshold": ->total weight of the latest TCP/UDP packets with <different destination ports> coming from the same host to be treated as port scan sequence
In my case many host polling the same port so many times some +10000 over 24h.
For not i just add host to a list(with a timeout of 48h) when trying port 22,23,443,445
-How to find host polling for port some port ex. 22,23 tree times over 60 second, it can be the same port all tree times.
So count every host making SYN at a port_list will be the case.