[Bug 459081] New: Review Request: psad - Port Scan Attack Detector (psad) watches for suspect traffic

bugzilla at redhat.com
Thu Aug 14 12:01:14 UTC 2008


https://bugzilla.redhat.com/show_bug.cgi?id=459081

           Summary: Review Request: psad - Port Scan Attack Detector
                    (psad) watches for suspect traffic
           Product: Fedora
           Version: rawhide
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: Package Review
        AssignedTo: nobody at fedoraproject.org
        ReportedBy: pvrabec at redhat.com
         QAContact: extras-qa at fedoraproject.org
                CC: notting at redhat.com, fedora-package-review at redhat.com
   Estimated Hours: 0.0
    Classification: Fedora


Spec URL: http://people.redhat.com/pvrabec/rpms/psad-2.1.3-1.fc9.src.rpm
SRPM URL: http://people.redhat.com/pvrabec/rpms/psad.spec

Description: Port Scan Attack Detector (psad) is a collection of three
lightweight system daemons written in Perl and in C that are designed to work
with Linux iptables firewalling code to detect port scans and other suspect
traffic. It features a set of highly configurable danger thresholds (with
sensible defaults provided), verbose alert messages that include the source,
destination, scanned port range, begin and end times, tcp flags and
corresponding nmap options, reverse DNS info, email and syslog alerting,
automatic blocking of offending ip addresses via dynamic configuration of
iptables rulesets, and passive operating system fingerprinting.  In addition,
psad incorporates many of the tcp, udp, and icmp signatures included in the
snort intrusion detection system (http://www.snort.org) to detect highly
suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend,
SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin,
xmas) which are easily leveraged against a machine via nmap.  psad can also
alert on snort signatures that are logged via fwsnort
(http://www.cipherdyne.org/fwsnort/), which makes use of the
iptables string match module to detect application layer signatures.
