| Port Scan Attack Detector (psad) is a program written in Perl that is designed
to work with Linux firewalling code (iptables in the 2.4.x kernels, and
ipchains in the 2.2.x kernels) to detect port scans. It features a set of
highly configurable danger thresholds (with sensible defaults provided),
verbose alert messages that include the source, destination, scanned port
range, begin and end times, TCP flags and corresponding nmap options (Linux
2.4.x kernels only), email alerting, and automatic blocking of offending IP
addresses via dynamic configuration of ipchains/iptables firewall rulesets. In
addition, for the 2.4.x kernels psad incorporates many of the TCP signatures
included in Snort to detect highly suspect scans for various backdoor programs
(e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced
port scans (syn, fin, Xmas) which are easily leveraged against a machine via
nmap. |
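
An added sketch (not psad's own code, which is Perl) of the log-driven detection the description outlines: it parses constructed iptables LOG lines, counts distinct destination ports per source, and maps the logged TCP flags to the nmap option that produces them. The thresholds, the `detect_scans` name and the sample addresses are assumptions for illustration, not psad defaults.

```python
import re
from collections import defaultdict

# TCP flag sets as printed by the iptables LOG target, mapped to the nmap
# option that produces them (the three scan types the description names).
NMAP_OPTION = {
    frozenset({"SYN"}): "-sS",
    frozenset({"FIN"}): "-sF",
    frozenset({"URG", "PSH", "FIN"}): "-sX",
}
# Hypothetical thresholds (distinct ports needed, danger level); not psad's defaults.
DANGER_LEVELS = [(3, 1), (6, 2)]

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+) "
    r".*?RES=0x[0-9a-fA-F]+ (?P<flags>[A-Z ]*?)\s*URGP="
)

def detect_scans(log_text):
    """Return {src: report} for sources whose distinct-port count reaches a danger level."""
    ports, flagsets = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP firewall log line
        ports[m["src"]].add(int(m["dpt"]))
        flagsets[m["src"]].add(frozenset(m["flags"].split()))
    reports = {}
    for src, dpts in ports.items():
        level = max((lvl for need, lvl in DANGER_LEVELS if len(dpts) >= need), default=0)
        if level:
            opts = sorted(NMAP_OPTION.get(f, "unknown") for f in flagsets[src])
            reports[src] = {"danger": level, "ports": (min(dpts), max(dpts)), "nmap": opts}
    return reports

def _line(src, dpt, flags):
    # Builds one constructed log line in the iptables LOG layout.
    return (f"kernel: DROP IN=eth0 OUT= SRC={src} DST=198.51.100.5 LEN=40 "
            f"PROTO=TCP SPT=40000 DPT={dpt} WINDOW=1024 RES=0x00 {flags} URGP=0")

# Constructed sample: a SYN sweep, a short Xmas probe, and one ordinary connection.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", p, "SYN") for p in range(20, 27)]
    + [_line("192.0.2.20", p, "URG PSH FIN") for p in (22, 80, 443)]
    + [_line("192.0.2.30", 80, "SYN")]
)

if __name__ == "__main__":
    for src, report in detect_scans(SAMPLE_LOG).items():
        print(src, report)
```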