
Port Scan Attack Detector - Detects port scans

Port Scan Attack Detector (psad) works with the Linux kernel firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It has highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets.

For the 2.4.x kernels, psad incorporates many of the TCP signatures included in Snort to detect suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) that can be leveraged against a machine via nmap.



Obtaining

Web page: http://www.cipherdyne.com/
Source tarball: http://www.cipherdyne.com/psad/download/psad-1.3.2.tar.gz
Source information: http://www.cipherdyne.com/psad/download/
Version 1.3.2 (stable) released on 2004-06-28
Licensed under The GNU General Public License, Version 2 or later.
This is not a GNU package.

Documentation
User README included and available in HTML format from http://www.cipherdyne.com/psad/psaddoc.html
Support contacts

Help List: <mbr@cipherdyne.com>
Developer List: <mbr@cipherdyne.com>
Bug List: <mbr@cipherdyne.com>

Project contacts

Maintainers
Developers
Contributors
  • See the CREDITS file in the distribution for a complete list

Related information

Source repository: http://www.cipherdyne.com/cgi/viewcvs.cgi/psad/
Interfaces: daemon
Programs: Unix::Syslog, whois
Source languages: Perl

Entry information

License verified by: Janet Casey <jcasey@gnu.org> on 2002-05-02
Entry compiled by: Janet Casey <jcasey@gnu.org>




The copyright licensing notice below applies to this text. The software described in this text has its own copyright notice and license, which can usually be found in the distribution itself.

Copyright © 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.

Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of this license is included in the file COPYING.DOC.
