Free Software Foundation!

Join now

Help us raise $300,000 by January 30th

Port Scan Attack Detector

This entry published by the Free Software Foundation.



Port Scan Attack Detector

http://www.cipherdyne.com/
Port Scan Attack Detector (psad) works with the Linux kernel firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It has highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. For the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) can be leveraged against a machine via nmap.

Documentation

User README included and available in HTML format from http://www.cipherdyne.com/psad/psaddoc.html

Related Projects


Download

Download External-link-icon.png version 1.4.2 (stable)
released on 15 July 2005

Categories


Licensing

License Verified by Verified on Notes
GPLv2orlater Janet Casey 2452396.52 May 2002


Leaders and contributors

Contact(s)Role
"Email mbr@cipherdyne.com" Michael Rash Maintainer
See the CREDITS file in the distribution for a complete listContributor

Resources and communication

Audience Resource type URI
Developer VCS Repository Webview http://www.cipherdyne.com/cgi/viewcvs.cgi/psad/
Bug Tracking,Developer,Support E-mail mailto:mbr@cipherdyne.com


Software prerequisites

Click here if you'd like to report a problem or make a suggestion that could


This entry (in part or in whole) was last reviewed on 15 July 2005.



Problem with this listing?













Retrieved from "http://directory.fsf.org/wiki/Port_Scan_Attack_Detector"

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software described in this text has its own copyright notice and license, which can usually be found in the distribution itself.

This page was last modified on 12 April 2011, at 13:00.

The FSF is a charity with a worldwide mission to advance software freedom — learn about our history and work.

Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.

Licensed under the GNU Free Documentation License, version 1.3 or later.

The FSF also has sister organizations in France, Latin America, Europe and India.

Powered by MediaWiki and Semantic MediaWiki

Toolbox