Port Scan Attack Detector 2.1.2 (Default branch)

04-04-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Port Scan Attack Detector 2.1.2 (Default branch)

The Port Scan Attack Detector (psad) is acollection of three system daemons that aredesigned to work with the Linux iptablesfirewalling code to detect port scans and othersuspect traffic. It features a set of highlyconfigurable danger thresholds (with sensibledefaults), verbose alert messages, email alerting,DShield reporting, and automatic blocking ofoffending IP addresses. Psad incorporates many ofthe packet signatures included in Snort to detectvarious kinds of suspicious scans, and implementsthe same passive OS fingerprinting algorithm usedby p0f.License: GNU General Public License (GPL)Changes:
A bug was fixed so that kernel timestamps are notincluded in iptables log prefixes that containspaces like "[ 65.026008] DROP". Non-resolved IPaddresses are now skipped. p0f output in --debugmode was improved to display when a passive OSfingerprint cannot be calculated based on iptableslog messages that include TCP options (i.e. with--log-tcp-options when building a LOG rule on theiptables command line).

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

KMSGSD(8) System Manager's Manual KMSGSD(8) NAME
kmsgsd - separates iptables messages from all other kernel messages. SYNOPSIS
kmsgsd DESCRIPTION
kmsgsd reads messages from the /var/lib/psad/psadfifo named pipe and prints any firewall related log messages to the psad data file "/var/log/psad/fwdata". psad cannot detect port scans or other suspect traffic without kmsgsd running on the machine. kmsgsd uses the psad.conf configuration file which by default is located at /etc/psad/psad.conf, but a different path can be specified on the command line. OPTIONS
-c <config-file> Specify path to config file instead of using the default configuration file /etc/psad/psad.conf. -D Dump the configuration values that kmsgd derives from /etc/psad/psad.conf (or other override files) on STDERR. -h Display usage information and exit. -O <config-file> Override config variable values that are normally read from the /etc/psad/psad.conf file with values from the specified file. Mul- tiple override config files can be given as a comma separated list. SEE ALSO
psad(8), psadwatchd(8), AUTHOR
Michael Rash (mbr@cipherdyne.org) This manual page was written by Daniel Gubser <daniel.gubser@gutreu.ch> for the Debian GNU/Linux system (but may be used by others). DISTRIBUTION
psad is distributed under the GNU General Public License (GPL), and the latest version may be downloaded from http://www.cipherdyne.org Debian GNU/Linux November 2002 KMSGSD(8)

Software Releases - RSS News

Port Scan Attack Detector 2.1.2 (Default branch)

4 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Formatting port scan output

Discussion started by: lewk

2. Shell Programming and Scripting

port scan shell script

Discussion started by: nrbhole

3. UNIX for Advanced & Expert Users

Please let me know Regarding Port Scan

Discussion started by: myramkumar

4. UNIX for Dummies Questions & Answers

unix program that can port scan a c block of ips for proxies

Discussion started by: user

LEARN ABOUT CENTOS

kmsgsd