psad 2.1.5-1 (i386 binary) in ubuntu lucid
PSAD is a collection of four lightweight system daemons written in
Perl and in C that is designed to work with Linux firewalling code
(iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels)
to detect port scans. It features a set of highly configurable danger
thresholds (with sensible defaults provided), verbose alert messages
that include the source, destination, scanned port range, begin and
end times, tcp flags and corresponding nmap options (Linux 2.4.x
kernels only), reverse DNS info, email alerting, and automatic
blocking of offending ip addresses via dynamic configuration of
ipchains/iptables firewall rulesets.
.
In addition, for the 2.4.x kernels psad incorporates many
of the tcp signatures included in Snort to detect highly suspect scans
for:
.
* various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven)
* DDoS tools (mstream, shaft)
* advanced port scans (syn, fin, xmas) such as those made with nmap
.
Details
- Package version:
- 2.1.5-1
- Status:
- Superseded
- Component:
- universe
- Priority:
- Optional
Downloadable files
- psad_2.1.5-1_i386.deb (175.4 KiB)
Package relationships
- Conflicts:
- Suggests:
- Recommends: