Bug#157389: ITP: psad -- The Post Scan Attack Detector (psad)



Package: wnpp
Version: N/A; reported 2002-08-20
Severity: wishlist

* Package name    : psad
  Version         : 0.9.9
  Upstream Author : Michael B. Rash <mbr@cipherdyne.com>
* URL             : http://www.cipherdyne.com/
* License         : (GPL)
  Description     : The Post Scan Attack Detector (psad)

=> This is a split from the Bastille package <=

 The Port Scan Attack Detector (psad) is a program written in Perl that
 is designed to work with Linux firewalling code (iptables in the 2.4.x
 kernels, and ipchains in the 2.2.x kernels) to detect port scans.  It
 features a set of highly configurable danger thresholds (with sensible
 defaults provided), verbose alert messages that include the source,
 destination, scanned port range, begin and end times, tcp flags and
 corresponding nmap options (Linux 2.4.x kernels only), reverse DNS
 info, email alerting, and automatic blocking of offending ip addresses
 via dynamic configuration of ipchains/iptables firewall rulesets.  In
 addition, for the 2.4.x kernels psad incorporates many of the tcp
 signatures included in Snort to detect highly suspect scans for
 various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS
 tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which
 are easily leveraged against a machine via nmap.

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux tux 2.4.13win4lin #1 SMP Sun Nov 4 13:14:46 CET 2001 i686
Locale: LANG=de_CH, LC_CTYPE=de_CH
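
The detection idea in the package description, as an added example that is not psad's code and not part of the original message: it parses iptables LOG lines, counts distinct destination ports per source, assigns a danger level, and maps the TCP flags to the nmap option that produces them. The log lines are constructed, and the threshold values and the names `detect_scans`, `THRESHOLDS` and `NMAP_OPTION` are assumptions for illustration, not psad's defaults.

```python
import re
from collections import defaultdict

def _line(src, dpt, flags):
    # Build one constructed log line in the iptables LOG format.
    return (f"Aug 20 10:15:01 tux kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT={dpt} "
            f"WINDOW=1024 RES=0x00 {flags} URGP=0")

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE_LOG = ([_line("192.0.2.10", p, "SYN") for p in range(20, 30)]
              + [_line("192.0.2.77", p, "URG PSH FIN") for p in (21, 22, 23)]
              + [_line("192.0.2.99", 80, "ACK")])

# TCP flag set seen in the log -> nmap scan option that sends it.
NMAP_OPTION = {frozenset({"SYN"}): "-sS", frozenset({"FIN"}): "-sF",
               frozenset({"URG", "PSH", "FIN"}): "-sX", frozenset(): "-sN"}

# Assumed thresholds: (minimum distinct ports, danger level), highest first.
THRESHOLDS = [(10, 2), (3, 1)]
FIELDS = re.compile(r"SRC=(\S+) .*?DPT=(\d+) .*?RES=\S+ (.*)URGP=")

def detect_scans(lines):
    """Return {source: (distinct_ports, danger_level, nmap_option)}."""
    ports, flag_opt = defaultdict(set), {}
    for line in lines:
        m = FIELDS.search(line) if "PROTO=TCP" in line else None
        if not m:
            continue  # not a TCP packet log line
        src, dpt, flags = m.group(1), int(m.group(2)), frozenset(m.group(3).split())
        ports[src].add(dpt)
        if flags in NMAP_OPTION:
            flag_opt[src] = NMAP_OPTION[flags]
    report = {}
    for src, seen in ports.items():
        level = next((lvl for minimum, lvl in THRESHOLDS if len(seen) >= minimum), 0)
        if level:  # sources below the lowest threshold are not reported
            report[src] = (len(seen), level, flag_opt.get(src, "unknown"))
    return report

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))
```

A real detector would also expire counts after a time window so that slow, legitimate traffic does not accumulate toward a threshold.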



