Группа :: Система/Серверы
Пакет: psad
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Текущая версия: 2.0.5-alt1
Время сборки: 23 марта 2007, 15:46 ( 894.4 недели назад )
Размер архива: 718.01 Kb
Домашняя страница: http://www.cipherdyne.org/psad/
Лицензия: GPL
О пакете: psad analyzes iptables log messages for suspect traffic
Описание:
Список всех майнтейнеров, принимавших участие
в данной и/или предыдущих сборках пакета: Список rpm-пакетов, предоставляемый данным srpm-пакетом:
ACL:
Время сборки: 23 марта 2007, 15:46 ( 894.4 недели назад )
Размер архива: 718.01 Kb
Домашняя страница: http://www.cipherdyne.org/psad/
Лицензия: GPL
О пакете: psad analyzes iptables log messages for suspect traffic
Описание:
Port Scan Attack Detector (psad) is a collection of three lightweight
system daemons written in Perl and in C that are designed to work with Linux
iptables firewalling code to detect port scans and other suspect traffic. It
features a set of highly configurable danger thresholds (with sensible
defaults provided), verbose alert messages that include the source,
destination, scanned port range, begin and end times, tcp flags and
corresponding nmap options, reverse DNS info, email and syslog alerting,
automatic blocking of offending ip addresses via dynamic configuration of
iptables rulesets, and passive operating system fingerprinting. In addition,
psad incorporates many of the tcp, udp, and icmp signatures included in the
snort intrusion detection system (http://www.snort.org) to detect highly
suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend,
SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin,
xmas) which are easily leveraged against a machine via nmap. psad can also
alert on snort signatures that are logged via fwsnort
(http://www.cipherdyne.org/fwsnort/), which makes use of the
iptables string match module to detect application layer signatures.
Текущий майнтейнер: Denis Kuznetsov system daemons written in Perl and in C that are designed to work with Linux
iptables firewalling code to detect port scans and other suspect traffic. It
features a set of highly configurable danger thresholds (with sensible
defaults provided), verbose alert messages that include the source,
destination, scanned port range, begin and end times, tcp flags and
corresponding nmap options, reverse DNS info, email and syslog alerting,
automatic blocking of offending ip addresses via dynamic configuration of
iptables rulesets, and passive operating system fingerprinting. In addition,
psad incorporates many of the tcp, udp, and icmp signatures included in the
snort intrusion detection system (http://www.snort.org) to detect highly
suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend,
SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin,
xmas) which are easily leveraged against a machine via nmap. psad can also
alert on snort signatures that are logged via fwsnort
(http://www.cipherdyne.org/fwsnort/), which makes use of the
iptables string match module to detect application layer signatures.
Список всех майнтейнеров, принимавших участие
в данной и/или предыдущих сборках пакета: Список rpm-пакетов, предоставляемый данным srpm-пакетом:
- psad