Package: psad (2.1.5-1) [debports]

Links for psad

Debian Resources:

Download Source Package psad:

Maintainers:

Daniel Gubser (QA Page)
Franck Joncourt (QA Page)

External Resources:

Homepage [www.cipherdyne.org]

Similar packages:

The Port Scan Attack Detector

PSAD is a collection of four lightweight system daemons written in Perl and in C that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options (Linux 2.4.x kernels only), reverse DNS info, email alerting, and automatic blocking of offending ip addresses via dynamic configuration of ipchains/iptables firewall rulesets.

In addition, for the 2.4.x kernels psad incorporates many of the tcp signatures included in Snort to detect highly suspect scans for:

 * various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven)
 * DDoS tools (mstream, shaft)
 * advanced port scans (syn, fin, xmas) such as those made with nmap

Tags: System Administration: Monitoring, Implemented in: Perl, User Interface: Daemon, Networking: Firewall, Server, Role: Program, Security: Firewall, Intrusion Detection, Purpose: Checking

Other Packages Related to psad

depends

recommends

suggests

dep: iptables

administration tools for packet filtering and NAT
dep: libc6 (>= 2.5-5)

Embedded GNU C Library: Shared libraries
also a virtual package provided by libc6-udeb
dep: libcarp-clan-perl

Perl enhancement to Carp error logging facilities
dep: libdate-calc-perl

Perl library for accessing dates
dep: libiptables-chainmgr-perl

Perl extension for manipulating iptables policies
dep: libiptables-parse-perl

Perl extension for parsing iptables firewall rulesets
dep: libnetwork-ipv4addr-perl

Perl extension for manipulating IPv4 addresses
dep: libunix-syslog-perl

Perl interface to the UNIX syslog(3) calls
dep: perl

Larry Wall's Practical Extraction and Report Language
dep: psmisc

utilities that use the proc file system
dep: rsyslog

enhanced multi-threaded syslogd

or system-log-daemon

virtual package provided by dsyslog, inetutils-syslogd, rsyslog, socklog-run, sysklogd, syslog-ng
dep: whois

an intelligent whois client

rec: bastille

Security hardening tool

sug: fwsnort

Snort-to-iptables rule translator

Download psad

Download for all available architectures
Architecture	Package Size	Installed Size	Files
m68k (unofficial port)	176.4 kB	676 kB	[list of files]