psad: Linux Detect And Block Port Scan Attacks In Real Time

Aug 12, 2008, 20:01 (0 Talkback[s])
(Other stories by Vivek Gite)

[ Thanks to An Anonymous Reader for this link. ]

"psad makes use of Netfilter log messages to detect, alert, and (optionally) block port scans and other suspect traffic. For tcp scans psad analyzes tcp flags to determine the scan type (syn, fin, xmas, etc.) and corresponding command line options that could be supplied to nmap to generate such a scan. In addition, psad makes use of many tcp, udp, and icmp signatures contained within the Snort intrusion detection system."

Complete Story

Related Stories:

• Four Good Choices for Your Next IDS(Mar 19, 2008)
• HowtoForge: Securing the CentOS Perfect Setup with Bastille(Aug 24, 2006)
• HowtoForge: Basic Iptables--Debian Pre-Sarge(Nov 04, 2005)
• NewsForge: Three Tools to Help You Configure iptables(May 25, 2005)
• NewsForge: Detecting Suspicious Network Traffic with psad(Apr 27, 2005)