Port Scan Attack Detector 2.0 review

by rbytes.net on

License: GPL (GNU General Public License)
File size: 490K
Developer: Michael Rash
0 stars award from rbytes.net

The Port Scan Attack Detector (psad) is a collection of three system daemons that are designed to work with the Linux Netfilter firewalling code to detect port scans and other suspect traffic.

The Port Scan Attack Detector project features a set of highly configurable danger thresholds (with sensible defaults), verbose alert messages, email alerting, DShield reporting, and automatic blocking of offending IP addresses.

Psad incorporates many of the packet signatures included in Snort to detect various kinds of suspicious scans, and implements the same passive OS fingerprinting algorithm used by p0f.

What's New in This Release:
This release adds support for the Snort keywords ttl, id, seq, ack, window, icmp_id, icmp_seq, itype, icode, ipopts, and sameip.
It adds support for automatically downloading signature updates from the cipherdyne.org website.
It has better --Analyze output that includes the top attackers, scanned ports, and signature matches.
CSV output has been added so that Netfilter logs can be visualized with the AfterGlow project.
There is an auto-response bugfix so that the response config is re-initialized after receiving a HUP signal.
