psad-0.9.8.tar.gz

psad-0.9.8.tar.gz: Posted May 5, 2002; Site cipherdyne.com; Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.; Changes: All four psad daemons now reference the same configuration file (/etc/psad/psad.conf). TCP wrapper support was added in the auto-blocking code. A better install strategy is now used for psadfifo in /etc/syslog.conf. The main psad code was simplified by removing all references to the Scan hash and by shortening some of the function calls.; tags | kernel, perl, tcp; systems | linux; MD5 | 3b06c6c5a028f22b8320755058de646c; Download | Favorite | Comments (0)

Comments

No comments yet, be the first!