Login or Register to Ask a Question and Join Our Community


Software Releases - RSS News

Port Scan Attack Detector 2.1.1 (Default branch)

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums News, Links, Events and Announcements Software Releases - RSS News Port Scan Attack Detector 2.1.1 (Default branch)
# 1  
Old 01-26-2008
Port Scan Attack Detector 2.1.1 (Default branch)
The Port Scan Attack Detector (psad) is a collection of three system daemons that are designed to work with the Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults), verbose alert messages, email alerting, DShield reporting, and automatic blocking of offending IP addresses. Psad incorporates many of the packet signatures included in Snort to detect various kinds of suspicious scans, and implements the same passive OS fingerprinting algorithm used by p0f. License: GNU General Public License (GPL) Changes:
A new feature whereby iptables log data can be acquired just by parsing an existing file (/var/log/messages by default) that is written to by syslog was added. Better installation support was provided for various Linux distributions, including Fedora 8 and Ubuntu. Situations where either the /var/log/psad/fwdata file or the /var/log/messages file (whichever syslog is writing iptables log messages to) gets rotated are now handled automatically.Image

More...
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Formatting port scan output

I need to format port scan output for input into another app. This is what I have; 1025/tcp 1521/tcp 2301/tcp 2381/tcp 3191/tcp 3389/tcp 5938/tcp 47001/tcp 54321/tcp 21/tcp 80/tcp 135/tcp 139/tcp 445/tcp 1025/tcp (4 Replies)
Discussion started by: lewk
4 Replies

2. Shell Programming and Scripting

port scan shell script

Hi, Can any one please suggest me commands for making port scan shell script. (3 Replies)
Discussion started by: nrbhole
3 Replies

3. UNIX for Advanced & Expert Users

Please let me know Regarding Port Scan

Can any one please let me know below ones 1) How to Perform the Port Scan in Solaris Environment and how to block the unwanted Ports. 2) How to know whether particular Port is listning the requests or not? Thanks Ramkumar.B (7 Replies)
Discussion started by: myramkumar
7 Replies

4. UNIX for Dummies Questions & Answers

unix program that can port scan a c block of ips for proxies

can anyone tell me a unix program that can port scan a c block of ips for proxies? a fast one, with reliable results, that can load an ip list, or set an ip range, and specify ports thanks! (1 Reply)
Discussion started by: user
1 Replies
Login or Register to Ask a Question

LEARN ABOUT CENTOS

kmsgsd

KMSGSD(8)                                                     System Manager's Manual                                                    KMSGSD(8)

NAME

       kmsgsd - separates iptables messages from all other kernel messages.

SYNOPSIS

       kmsgsd

DESCRIPTION

       kmsgsd  reads  messages  from  the  /var/lib/psad/psadfifo  named  pipe  and prints any firewall related log messages to the psad data file
       "/var/log/psad/fwdata".  psad cannot detect port scans or other suspect traffic without kmsgsd running on the  machine.   kmsgsd  uses  the
       psad.conf configuration file which by default is located at /etc/psad/psad.conf, but a different path can be specified on the command line.

OPTIONS

       -c <config-file>
              Specify path to config file instead of using the default configuration file /etc/psad/psad.conf.

       -D     Dump the configuration values that kmsgd derives from /etc/psad/psad.conf (or other override files) on STDERR.

       -h     Display usage information and exit.

       -O <config-file>
              Override  config variable values that are normally read from the /etc/psad/psad.conf file with values from the specified file.  Mul-
              tiple override config files can be given as a comma separated list.

SEE ALSO

       psad(8), psadwatchd(8),

AUTHOR

       Michael Rash (mbr@cipherdyne.org)

       This manual page was written by Daniel Gubser <daniel.gubser@gutreu.ch> for the Debian GNU/Linux system (but may be used by others).

DISTRIBUTION

       psad is distributed under the GNU General Public License (GPL), and the latest version may be downloaded from http://www.cipherdyne.org

Debian GNU/Linux                                                   November 2002                                                         KMSGSD(8)