https://bugzilla.redhat.com/show_bug.cgi?id=1382875 Bug ID: 1382875 Summary: Review Request: psad - Port Scan Attack Detector (psad) watches for suspect traffic Product: Fedora Version: rawhide Component: Package Review Severity: medium Priority: medium Assignee: nobody@xxxxxxxxxxxxxxxxx Reporter: dominik@xxxxxxxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: package-review@xxxxxxxxxxxxxxxxxxxxxxx Spec URL: https://rathann.fedorapeople.org/review/psad/psad.spec SRPM URL: https://rathann.fedorapeople.org/review/psad/psad-2.4.3-1.fc24.src.rpm Description: Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (https://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (https://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures. Fedora Account System Username: rathann Changes since it was retired: * Fri Aug 12 2016 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> - 2.4.3-1 - update to 2.4.3 - use https in URLs - supply native systemd unit - drop obsolete patches - merge Fedora-specific changes into one patch - use system whois client instead of bundled one - update (and sort) Requires list - tighten file list - remove bundled stuff in prep -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx