[Bug 459081] New: Review Request: psad - Port Scan Attack Detector (psad) watches for suspect traffic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: Review Request: psad - Port Scan Attack Detector (psad) watches for suspect traffic

https://bugzilla.redhat.com/show_bug.cgi?id=459081

           Summary: Review Request: psad - Port Scan Attack Detector
                    (psad) watches for suspect traffic
           Product: Fedora
           Version: rawhide
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: Package Review
        AssignedTo: nobody@xxxxxxxxxxxxxxxxx
        ReportedBy: pvrabec@xxxxxxxxxx
         QAContact: extras-qa@xxxxxxxxxxxxxxxxx
                CC: notting@xxxxxxxxxx, fedora-package-review@xxxxxxxxxx
   Estimated Hours: 0.0
    Classification: Fedora


Spec URL: http://people.redhat.com/pvrabec/rpms/psad-2.1.3-1.fc9.src.rpm
SRPM URL: http://people.redhat.com/pvrabec/rpms/psad.spec

Description: Port Scan Attack Detector (psad) is a collection of three
lightweight system daemons written in Perl and in C that are designed to work
with Linux iptables firewalling code to detect port scans and other suspect
traffic. It features a set of highly configurable danger thresholds (with
sensible defaults provided), verbose alert messages that include the source,
destination, scanned port range, begin and end times, tcp flags and
corresponding nmap options, reverse DNS info, email and syslog alerting,
automatic blocking of offending ip addresses via dynamic configuration of
iptables rulesets, and passive operating system fingerprinting.  In addition,
psad incorporates many of the tcp, udp, and icmp signatures included in the
snort intrusion detection system (http://www.snort.org) to detect highly
suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend,
SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin,
xmas) which are easily leveraged against a machine via nmap.  psad can also
alert on snort signatures that are logged via fwsnort
(http://www.cipherdyne.org/fwsnort/), which makes use of the
iptables string match module to detect application layer signatures.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]