# ############################################################################# # # This file is used by psad to elevate/decrease the danger levels of IP # addresses (or networks in CIDR notation) so that psad does not have to # apply the normal signature logic. This is useful if certain IP addresses # or networks are known trouble makers and should automatically be assigned # higher danger levels than would normally be assigned. Also, psad can be # made to ignore certain IP addresses or networks if a danger level of "0" is # specified. Optionally, danger levels for IPs/networks can be influenced # based on protocol (tcp, udp, icmp). # ############################################################################# # # $Id: auto_dl 1480 2005-11-23 15:30:42Z mbr $ # # <IP address> <danger level> <optional protocol>/<optional ports>; # # Examples: # # 10.111.21.23 5; # Very bad IP. # 127.0.0.1 0; # Ignore this IP. # 10.10.1.0/24 0; # Ignore traffic from this entire class C. # 192.168.10.4 3 tcp; # Assign danger level 3 if protocol is tcp. # 10.10.1.0/24 3 tcp/1-1024; # Danger level 3 for tcp port range