Port Scan Attack Detector 0.9.2

From: aleph1at_private
Date: Thu Oct 04 2001 - 19:10:57 PDT

    Port Scan Attack Detector 0.9.2
      by Michael Rash (http://freshmeat.net/users/michaelrash/)
      Wednesday, October 3rd 2001 14:09
    Categories: System :: Networking :: Firewalls, System :: Networking ::
    About: Port Scan Attack Detector (psad) is a program written in Perl that
    is designed to work with Linux firewalling code (iptables in the 2.4.x
    kernels, and ipchains in the 2.2.x kernels) to detect port scans. It
    features a set of highly configurable danger thresholds (with sensible
    defaults provided), verbose alert messages that include the source,
    destination, scanned port range, begin and end times, TCP flags and
    corresponding nmap options (Linux 2.4.x kernels only), email alerting, and
    automatic blocking of offending IP addresses via dynamic configuration of
    ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels
    psad incorporates many of the TCP signatures included in Snort to detect
    highly suspect scans for various backdoor programs (e.g. EvilFTP,
    GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans
    (syn, fin, Xmas) which are easily leveraged against a machine via nmap. 
    Changes: Consistency with the Filesystem Hierarchy Standard (FHS), support
    for Red Hat 7.0/7.1, a process management system which is used by the psad
    init script and includes /var/run/[daemon].pid files, addition of Psad.pm
    which contains several commonly-used functions in the various psad daemons,
    and support for ipchains firewalls on the 2.4.x kernels.
    License: GNU General Public License (GPL)
    URL: http://freshmeat.net/projects/psad/
    Elias Levy
    Si vis pacem, para bellum
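The announcement describes threshold-based scan detection from firewall logs, with TCP flags mapped to the corresponding nmap options. The sketch below is an added example, not psad's code (psad is written in Perl; this is Python), and shows that idea on constructed iptables log lines. The log prefix, the threshold values and all function and variable names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed iptables LOG lines (Linux 2.4.x layout); the "DROP" prefix and
# all addresses (documentation ranges) are made up for this example.
_T = ("Oct  3 14:09:01 fw kernel: DROP IN=eth0 OUT= SRC={} DST=198.51.100.5 "
      "LEN=40 TTL=52 PROTO=TCP SPT=40001 DPT={} WINDOW=1024 RES=0x00 {} URGP=0")
SAMPLE_LOG = "\n".join(
    [_T.format("192.0.2.10", p, "SYN") for p in (21, 22, 23, 25, 80)]
    + [_T.format("192.0.2.77", p, "URG PSH FIN") for p in (1, 2, 3)]
    + [_T.format("192.0.2.99", 80, "SYN")]        # one packet: not a scan
    + [_T.format("192.0.2.50", 443, "ACK")]       # ordinary traffic: ignored
)

FIELD = re.compile(r"(\w+)=(\S*)")
FLAGS = re.compile(r"RES=\S+ ((?:[A-Z]+ )*)URGP=")   # flag words iptables logs

# Exact TCP flag set -> (scan name, corresponding nmap option)
SCAN_TYPES = {
    frozenset({"SYN"}): ("syn", "-sS"),
    frozenset({"FIN"}): ("fin", "-sF"),
    frozenset({"URG", "PSH", "FIN"}): ("xmas", "-sX"),
}

# Hypothetical danger thresholds: (level, minimum distinct ports probed).
DANGER_THRESHOLDS = ((1, 3), (2, 5))


def detect_scans(log_text, thresholds=DANGER_THRESHOLDS):
    """Group logged TCP packets by source/destination/scan type and grade them."""
    ports_seen = defaultdict(set)
    for line in log_text.splitlines():
        flags = FLAGS.search(line)
        if "PROTO=TCP" not in line or flags is None:
            continue
        scan = SCAN_TYPES.get(frozenset(flags.group(1).split()))
        if scan is None:
            continue
        f = dict(FIELD.findall(line))
        ports_seen[(f["SRC"], f["DST"]) + scan].add(int(f["DPT"]))
    alerts = []
    for (src, dst, name, opt), ports in sorted(ports_seen.items()):
        level = max((lvl for lvl, need in thresholds if len(ports) >= need), default=0)
        if level:
            alerts.append({"src": src, "dst": dst, "scan": name, "nmap": opt,
                           "ports": (min(ports), max(ports)), "danger": level})
    return alerts
```

Calling `detect_scans(SAMPLE_LOG)` returns one alert per source, destination and scan type that crossed a threshold, with the scanned port range and the danger level reached.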
