Section: .. / linux / security /
| /// File Name: |
pam_usb-0.3.3.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | Changes: | The option keypath is now split into local_keypath and device_keypath. Fixed a bug that occurred when the TTY entry was empty. Various other fixes and enhancements. | | File Size: | 27211 | | Last Modified: | Oct 26 12:12:50 2005 |
| MD5 Checksum: | 45e73035b706ff6dd20d002210bf0cb3 |
|
| /// File Name: |
pam_usb-0.4.0.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | Changes: | Completely redesigned amongst other changes. | | File Size: | 31889 | | Last Modified: | Apr 10 01:48:38 2007 |
| MD5 Checksum: | 51a677ff30a3b29e8b5df4a0e60c8d75 |
|
| /// File Name: |
pam_usb-0.4.1.tar.gz |
Description:
|
pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
| | Author: | Andrea Luzzardi | | Homepage: | http://www.sig11.org/~al/pam_usb/ | | Changes: | Fixed a security issue related to OpenSSH authentication. Fixed the quiet option (now it is really quiet). Support for devices without vendor/model information. | | File Size: | 32044 | | Last Modified: | May 30 17:01:07 2007 |
| MD5 Checksum: | 2c6178952cd90fbdee928d272141fde8 |
|
| /// File Name: |
pam_watch-0.2.tar.gz |
Description:
|
Pam_watch is a pam module that installs two fifos for each console and allows you to take control by using them. One fifo can be used to read from STDOUT of the user console and the other to write to the STDIN of it. A simple client utility that uses these features is included.
| | Homepage: | http://frida.fri.utc.sk/~behan/devel/pam_watch/ | | File Size: | 8747 | | Last Modified: | Oct 15 20:19:20 2000 |
| MD5 Checksum: | c547f515652e1c2a3e6bfd47b53ae491 |
|
| /// File Name: |
pax-linux-2.2.17.patch |
Description:
|
PaX is an implementation of non-executable pages for IA-32 processors (i.e. pages which user mode code can read or write, but cannot execute code in). Since the processor's native page table/directory entry format has no provision for such a feature, it is a non-trivial task. The project was designed to provide Linux with protection from buffer overflows. Making parts of the memory pages read/write access enabled, but not executable provides the protection.
| | Author: | PaX | | Homepage: | http://pageexec.virtualave.net | | File Size: | 27234 | | Last Modified: | Nov 15 22:14:52 2000 |
| MD5 Checksum: | 49103bb0e247182182de7b1ece4708b0 |
|
| /// File Name: |
phantom_security-1.00.tar.gz |
Description:
|
GNU Phantom.Security is a computer-controlled security system. Using the software and a simple circuit board (schematics included) that you build, you can create a good basic security system that is computer controlled. The system can use off-the-shelf security devices like motion sensors, door magnets, and fire/smoke detectors with little to moderate modification. And if the machine the system is running on is connected to a LAN/WAN or the Internet, you can have it send e-mail. If you have a pager or cell phone capable of receiving e-mail, then you will have around the clock intrusion/fire detection for your home or office.
| | Author: | Joe Thielen | | Homepage: | http://www.joethielen.com/phantom/security/ | | File Size: | 221425 | | Last Modified: | Mar 10 19:46:47 2000 |
| MD5 Checksum: | b540be03dd45ee1f463bfc42490b1079 |
|
| /// File Name: |
poldi-0.4.tar.bz2 |
Description:
|
Poldi is a PAM module that implements authentication through the OpenPGP smart card. It uses the smart card daemon from the GnuPG project for smart card access.
| | Author: | Moritz Schulte | | File Size: | 367470 | | Last Modified: | Aug 13 01:10:14 2008 |
| MD5 Checksum: | 5a0312c3124e3dbb558a24f1017c169c |
|
| /// File Name: |
procmon.tar.gz |
Description:
|
Process Monitor v0.23 for Linux is a small kernel module that allows you to watch all programs executed on the system. It is useful for generating full listings of programs (and their supplied arguments) run by potentially dangerous users on a system.
| | Homepage: | http://freshmeat.net/projects/procmon | | Changes: | A fix for a bug which could cause an entire system to hang under very heavy loads. | | File Size: | 5224 | | Last Modified: | Dec 14 22:10:15 2002 |
| MD5 Checksum: | 79019293f8301380106fdb111d5f5f96 |
|
| /// File Name: |
procwatch |
Description:
|
Procwatch is a perl script which watches a /proc filesystem for new processes. When a process is created, procwatch reports the time, the username, the PID, and the binary that was run. Its output is suitable for logging to log files and is geared for system administrators who are testing a new but as yet untrusted UNIX system. Although it cannot detect, and is not proof against, hacked loadable kernel modules that have modified /proc, it is useful in watching for possible rogue binaries.
| | Author: | Adam Guyot | | Homepage: | http://www.speakeasy.net/~aguyot | | File Size: | 5059 | | Last Modified: | Nov 24 16:21:32 2001 |
| MD5 Checksum: | a91a4fd73ea6a3e871efd7c377c36da8 |
|
| /// File Name: |
psad-0.8.6.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | File Size: | 20457 | | Last Modified: | Apr 16 20:47:59 2001 |
| MD5 Checksum: | 31a96bab23794fbfcb0391b502f9ee65 |
|
| /// File Name: |
psad-0.8.7.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | New automatic danger level assigned for known trouble IPs, signature checking and updating done on the fly, and improvements to the install.pl script to parse ipchains rulesets better. | | File Size: | 24631 | | Last Modified: | May 2 23:10:37 2001 |
| MD5 Checksum: | 0c8959af19da07c0bd496241ac1f4e92 |
|
| /// File Name: |
psad-0.8.8.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Whois lookups against scanning IPs were added. An uninstall option was added to install.pl. A bug in the 'stop' routine in psad-init was fixed. A bug in the syslog restart system call in install.pl was fixed. | | File Size: | 51593 | | Last Modified: | May 8 20:06:01 2001 |
| MD5 Checksum: | 280a7905ddcba14ed03ae517eb8be7a3 |
|
| /// File Name: |
psad-0.8.9.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | A seperate monitoring daemon, psadwatchd has been added which watches both psad and kmsgsd, support for multiple email address reporting, and a debugging mode for psad have all been added. Some bugs have been fixed. | | File Size: | 53255 | | Last Modified: | Jul 23 19:43:36 2001 |
| MD5 Checksum: | 8e3f0ec1dd35f1bf3386b8c268eed5f9 |
|
| /// File Name: |
psad-0.9.0.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Support has been added for UDP scan detection along with a few UDP scan signatures, a new verbose mode is included in install.pl, improved check_flags() for better TCP flag recognition (nmap NULL scans are supported), and a fix for psadwatchd not parsing ps output correctly. | | File Size: | 57114 | | Last Modified: | Aug 4 08:24:31 2001 |
| MD5 Checksum: | 9ac41fc3e1b1a038c9b5d5a5e351687c |
|
| /// File Name: |
psad-0.9.1.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | A security bugfix was made in config file processing. Deep scans are now detected properly. A man page and a set of benchmarks was added. | | File Size: | 64551 | | Last Modified: | Sep 5 02:12:59 2001 |
| MD5 Checksum: | 3608f0e66ea8244b793d8bbd367087a7 |
|
| /// File Name: |
psad-0.9.2.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Filesystem Hierarchy Standard (FHS) support, Red Hat 7.0/7.1 support, a process management system which is used by the psad init script, and support for ipchains firewalls on the 2.4.x kernels. | | File Size: | 75038 | | Last Modified: | Oct 5 01:49:52 2001 |
| MD5 Checksum: | 7d85d3437d9bcb04bd793b553a65c43f |
|
| /// File Name: |
psad-0.9.3.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Fixed a problem that would drop packets that are part of legitimate TCP sessions. The --USR1 command line option was added to have psad automatically send a running psad process a USR1 signal, which is useful for peering into a running scan data structure. An email installation subroutine was added to install.pl. | | File Size: | 77491 | | Last Modified: | Nov 6 11:18:47 2001 |
| MD5 Checksum: | 13850681a769d0b08d85f67c99ad6ae3 |
|
| /// File Name: |
psad-0.9.4.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Added h2xs support so psad will install Psad.pm The Right Way. Added the conntrack_patch kernel patch to fix the iptables ip_conntrack bug which causes packets to be dropped that are part of legitimate tcp sessions. Added the USR1 option to support automatic sending of a USR1 signal to a running psad process. Updated documentation and man page to reflect the above changes. | | File Size: | 80498 | | Last Modified: | Dec 8 21:42:20 2001 |
| MD5 Checksum: | 7fae1a92687d1491cb6d614dc71d4640 |
|
| /// File Name: |
psad-0.9.6.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | Compatible with more linux distributions now. The running time was added to --Status output. Support for "use strict" was added. Various small bugfixes and cleanups were made. | | File Size: | 82129 | | Last Modified: | Mar 8 01:36:54 2002 |
| MD5 Checksum: | 5b1badae2dbbb55ab980ef27b6c77f8e |
|
| /// File Name: |
psad-0.9.8.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com/psad | | Changes: | All four psad daemons now reference the same configuration file (/etc/psad/psad.conf). TCP wrapper support was added in the auto-blocking code. A better install strategy is now used for psadfifo in /etc/syslog.conf. The main psad code was simplified by removing all references to the Scan hash and by shortening some of the function calls. | | File Size: | 101519 | | Last Modified: | May 5 02:09:40 2002 |
| MD5 Checksum: | 3b06c6c5a028f22b8320755058de646c |
|
| /// File Name: |
psad-0.9.9.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
| | Homepage: | http://www.cipherdyne.com | | Changes: | Bugfixes for the tcpwrapper auto-blocking code on iptables and ipchains boxes. A new whois lookup strategy has been added that creates files like /var/log/psad/who.txt_IP for each scanning IP, a prelude to snort-style logging. Now uses the latest version of the whois client. The psad.8 man page and other docs have been updated. | | File Size: | 103435 | | Last Modified: | Aug 21 03:33:33 2002 |
| MD5 Checksum: | 52fa028f286ae17f9c1e3a33a9a879b1 |
|
| /// File Name: |
psad-1.2.2.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.
| | Homepage: | http://www.cipherdyne.org | | Changes: | This release is available as an RPM package. | | File Size: | 426744 | | Last Modified: | Aug 27 02:40:02 2003 |
| MD5 Checksum: | 382190e3e20e4299848d60a2244bc121 |
|
| /// File Name: |
psad-1.2.4.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.
| | Homepage: | http://www.cipherdyne.org | | Changes: | Now supports Gentoo Linux, adds a danger level to subject in email alerts, handles disk utilization directly, adds exclusion of loopback and local addresses from auto-blocking routines, and bug fixes. | | File Size: | 556482 | | Last Modified: | Oct 20 23:31:25 2003 |
| MD5 Checksum: | 28e4b32dab4ca168da622443b5d8036a |
|
| /// File Name: |
psad-1.3.1.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
| | Homepage: | http://www.cipherdyne.org | | Changes: | Added the ability to re-import scanning ip directories after a restart of psad or a system reboot. An analysis mode was added so that a logfile that contains iptables messages (such as the /var/log/messages) can be analyzed for scans. ICMP type and code validation against RFC 792 was added. Excessive strictness with FW_MSG_SEARCH was fixed. The signatures were updated to those included with snort 2.1. | | File Size: | 584427 | | Last Modified: | Dec 29 00:50:42 2003 |
| MD5 Checksum: | 96a43d63a1cb944b651cb28786dbe0de |
|
| /// File Name: |
psad-1.3.2.tar.gz |
Description:
|
Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.
| | Homepage: | http://www.cipherdyne.org | | Changes: | Bug fixes and other improvements. | | File Size: | 597119 | | Last Modified: | Jul 13 09:12:00 2004 |
| MD5 Checksum: | fee10436b38f0232d5f2556ee7809631 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
