Port Scan Attack Detector 0.9.2
by Michael Rash (http://freshmeat.net/users/michaelrash/)
Wednesday, October 3rd 2001 14:09

Categories: System :: Networking :: Firewalls, System :: Networking :: Monitoring

About: Port Scan Attack Detector (psad) is a program written in Perl that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.

Changes: Consistency with the Filesystem Hierarchy Standard (FHS), support for Red Hat 7.0/7.1, a process management system which is used by the psad init script and includes /var/run/[daemon].pid files, addition of Psad.pm which contains several commonly-used functions in the various psad daemons, and support for ipchains firewalls on the 2.4.x kernels.

License: GNU General Public License (GPL)

URL: http://freshmeat.net/projects/psad/

--
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum
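
The detection approach described in the announcement (firewall log lines, TCP flags mapped to nmap options, danger thresholds), sketched as an added example in Python; it is not psad's code and not part of the original post. The threshold values, the log prefix, the addresses and all function and variable names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# TCP flag sets as an iptables LOG line prints them, mapped to the nmap
# option that produces them. A lone SYN cannot tell -sS from -sT.
NMAP_OPTION = {
    frozenset({"SYN"}): "-sS/-sT",
    frozenset({"FIN"}): "-sF",
    frozenset({"URG", "PSH", "FIN"}): "-sX",
}
# Hypothetical thresholds (distinct ports per source/destination pair),
# not psad's defaults: reaching the n-th value gives danger level n.
DANGER_THRESHOLDS = (3, 10, 50)

PKT = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=TCP SPT=\d+ DPT=(\d+) "
                 r".*?RES=\S+ (.*?) ?URGP=")

# Constructed sample log lines in the 2.4.x iptables LOG layout (not real traffic).
LINE_FMT = ("Oct  3 14:01:{:02d} fw kernel: DROP IN=eth0 OUT= SRC={} DST=198.51.100.5 "
            "LEN=40 TTL=52 PROTO=TCP SPT=40001 DPT={} WINDOW=1024 RES=0x00 {} URGP=0")
SAMPLE = ([LINE_FMT.format(i, "192.0.2.10", p, "SYN") for i, p in enumerate(range(20, 32))]
          + [LINE_FMT.format(40 + i, "192.0.2.77", p, "URG PSH FIN")
             for i, p in enumerate((22, 23, 25))]
          + [LINE_FMT.format(50, "203.0.113.9", 80, "ACK PSH")])

def detect_scans(lines, thresholds=DANGER_THRESHOLDS):
    """Return one alert per (source, destination) pair that crosses a threshold."""
    ports = defaultdict(set)       # (src, dst) -> distinct destination ports
    scan_types = defaultdict(set)  # (src, dst) -> nmap options observed
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue
        src, dst, dpt = m.group(1), m.group(2), int(m.group(3))
        nmap_opt = NMAP_OPTION.get(frozenset(m.group(4).split()))
        if nmap_opt is None:
            continue  # flag combination with no scan signature in this table
        ports[(src, dst)].add(dpt)
        scan_types[(src, dst)].add(nmap_opt)
    alerts = []
    for (src, dst), seen in ports.items():
        level = sum(len(seen) >= t for t in thresholds)
        if level:
            alerts.append({"src": src, "dst": dst, "ports": (min(seen), max(seen)),
                           "count": len(seen), "nmap": sorted(scan_types[(src, dst)]),
                           "danger": level})
    return alerts

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE):
        print(alert)
```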
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 19:16:04 PDT