| psad | Port Scan Attack Detector | Mehr ... |
PSAD is a collection of four lightweight system daemons (in Perl and
C) designed to work with iptables to detect port scans. It features:
* a set of highly configurable danger thresholds (with sensible
defaults provided);
* verbose alert messages that include the source, destination,
scanned port range, beginning and end times, TCP flags, and
corresponding Nmap options;
* reverse DNS information;
* alerts via email;
* automatic blocking of offending IP addresses via dynamic firewall
configuration.
.
When combined with fwsnort and the iptables string match extension,
PSAD is capable of detecting many attacks described in the Snort rule
set that involve application layer data. |
