NewsForge: Detecting Suspicious Network Traffic with psad
Apr 27, 2005, 05:30 (0 Talkback[s])
(Other stories by Paul Virijevich)
"Have you ever wondered how many people are scanning your server
looking for weaknesses? One way to find out is to install the Port
Scan Attack Detector (psad), is a collection of three lightweight
system daemons that alert you to suspicious network activity by
analyzing iptables log files.
"With psad you can:
- "Detect port scans
- "View a report of all attacks, along with system resources
consumed by PSAD..."