NewsForge: Detecting Suspicious Network Traffic with psad
Apr 27, 2005, 05:30 (0 Talkback[s])
(Other stories by Paul Virijevich)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"Have you ever wondered how many people are scanning your server
looking for weaknesses? One way to find out is to install the Port
Scan Attack Detector (psad), is a collection of three lightweight
system daemons that alert you to suspicious network activity by
analyzing iptables log files.
"With psad you can:
- "Detect port scans
- "View a report of all attacks, along with system resources
consumed by PSAD..."