| Name : psad
| |
| Version : 1.4.1
| Vendor : MandrakeSoft
|
| Release : 2mdk
| Date : 2005-03-15 11:22:30
|
| Group : System/Servers
| Source RPM : psad-1.4.1-2mdk.src.rpm
|
| Size : 1.28 MB
| |
| Packager : Lenny Cartier < lenny_mandrakesoft_com>
| |
| Summary : Psad analyzses iptables log messages for suspect traffic
|
Description :
Port Scan Attack Detector (psad) is a collection of four lightweight
system daemons written in Perl and C that are designed to work with
Linux firewalling code (iptables in the 2.4.x kernels, and ipchains
in the 2.2.x kernels) to detect port scans. It features a set of highly
configurable danger thresholds (with sensible defaults provided),
verbose alert messages that include the source, destination, scanned
port range, begin and end times, TCP flags and corresponding nmap
options (Linux 2.4.x kernels only), email alerting, and automatic
blocking of offending IP addresses via dynamic configuration of
ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels
psad incorporates many of the TCP, UDP, and ICMP signatures included in
Snort to detect highly suspect scans for various backdoor programs
(e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and
advanced port scans (syn, fin, Xmas) which are easily leveraged against
a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP
window sizes to passively fingerprint the remote operating system from
which scans originate.
|
RPM found in directory: /vol/rzm6/linux-mandriva/official/10.2/i586/media/contrib |
