Port Scan Attack Detector
Port Scan Attack Detector (psad) works with the Linux kernel firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It has highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets.
For the 2.4.x kernels, psad incorporates many of the TCP signatures included in Snort to detect suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (SYN, FIN, Xmas) that can be leveraged against a machine via nmap.
Last updated 15 Jul, 2005
About
Leadership
- Michael Rash - Maintainer
- See the CREDITS file in the distribution for a complete list - Contributor
Related Projects
Subprograms
Unix::Syslog, whois
Versions
1.4.2
1.4.2 stable released 2005-07-15
- Released: 15 Jul, 2005
- Code Maturity: Stable
- Source Archive: http://www.cipherdyne.com/psad/download/psad-1....
- Licenses: GPLv2 or later
- Interfaces: Daemon
User Community and Support
User README included and available in HTML format from http://www.cipherdyne.com/psad/psaddoc.html



