Uploaded scandetd 1.1.4-beta7-1 (sparc) to ftp-master
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 4 Jan 2001 13:00:08 -0500
Source: scandetd
Binary: scandetd
Architecture: sparc
Version: 1.1.4-beta7-1
Distribution: unstable
Urgency: low
Maintainer: Debian/SPARC Build Daemon <buildd@vore.debian.org>
Changed-By: Bradley Alexander <storm@debian.org>
Description:
scandetd - Portscan detector for Linux.
Changes:
scandetd (1.1.4-beta7-1) unstable; urgency=low
.
* new format of HostLogIgnore (HostScanIgnore):
source_IP:src_ports -> dest_IP:dst_ports
for example:
192.168.1.0/24:1024-65535 -> 192.168.1.1:1-1024,3306
.
Port specification allows to use port ranges, ie 1-1024
If destination part (this after "->" sign) is omited then
expression describes source IP and source ports.
I think that PortLogIgnore could be removed because it can be written
in new format, ie:
PortLogIgnore 25,80
is equal to:
0/0 -> 0/0:25,80
NO WHITESPACE IS ALLOWED IN THE PORT SPECIFICATION.
.
* added SyslogFacility which accepts all values described in openlog(3)
(without LOG_ prefix)
* added MailSubject with %p - protocol,%s - source IP, %d - dest IP
(Closes #79811)
* added FloodDetection (yes/no) whether connections to the same
destination port should be skipped or not
* added LogDetails (yes/no). If yes then logging is done in following
format: source_IP (src_port) -> dest_IP (dest_port)
* '-s' command line option - don't start the daemon, just show parsed
config file
* added LogOSFP (yes/no) for enabling logging OS fingerprinting probes
* added OSFPSendMail (yes/no). Email contains gussed type of OS probe
(currently 'nmap', 'queso' or 'unknown'), number of packets and
TCP flags set in each packet
* added log and mail limits. If scan/flood/OSprobe was logged (or email
was sent) and host is still on internal list then there will be no
second warning
* added tracking of destination IP. If scan/flood were made to more than
one IP then it will be noticed in log/email, ie:
"Possible port scan from x.x.x.x to x.x.x.x (and others)"
* drop priviledges code was improved and RunAsGroup was removed. Deamon
will run as RunAsUser with group set to group to which 'RunAsUser'
belongs
* several bug fixes
Files:
fccb8650e30480f423bc9a500f0a8bb0 19930 net optional scandetd_1.1.4-beta7-1_sparc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Ben Collins <bcollins@debian.org>
iD8DBQE6V/5mfNc/ZB4E7C0RAmiwAJ0VYwukBAl5naxa71vWkNJU0+zcHwCfQIxF
U8ynf9fS1gWqbi+mlm0EPzw=
=8wqz
-----END PGP SIGNATURE-----
Reply to: