IDS mailing list archives
psad-1.4.0 release
From: Michael Rash <mbr () cipherdyne org>
Date: Thu, 2 Dec 2004 09:12:04 -0500

psad-1.4.0 has been released. This release incorporates true
p0f-style passive OS fingerprinting (requires the usage of the iptables
--log-tcp-options argument). Psad still supports the old TOS-based
passive OS fingerprinting if the TCP options portion of the TCP
header is not being logged.

Here is an example alert generated by psad-1.4.0 that includes the
new p0f functionality (psad fingerprints the remote OS as
"Linux:2.6::Linux 2.4/2.6"):

http://www.cipherdyne.org/psad/sample_alerts/socks_proxy.html

p0f fingerprints have also been integrated with --Status output:

http://www.cipherdyne.org/psad/sample_alerts/status.html

psad-1.4.0 tarballs, rpms, and Debian packages can be downloaded
here:

http://www.cipherdyne.org/psad/download/

--Mike
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
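
Added example, not part of the original post and not psad's own code: a Python sketch of why the announcement ties p0f-style fingerprinting to --log-tcp-options, decoding the OPT (...) field of an iptables LOG line into the TCP option layout that such fingerprints compare. The log lines are constructed, and the letter notation (M, S, T, N, W, E) is this example's shorthand.

```python
import re

# Constructed sample lines in iptables LOG format (addresses are documentation ranges).
WITH_OPTS = ("Dec  2 09:00:00 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 "
             "DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF "
             "PROTO=TCP SPT=40000 DPT=1080 WINDOW=5840 RES=0x00 SYN URGP=0 "
             "OPT (020405B40402080A0012D6870000000001030307)")
WITHOUT_OPTS = WITH_OPTS.split(" OPT ")[0]   # same rule without --log-tcp-options

def decode_tcp_options(hex_opts):
    """Turn the hex bytes of the TCP options area into a layout string."""
    raw, out, i = bytes.fromhex(hex_opts), [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                     # End of Option List
            out.append("E")
            break
        if kind == 1:                     # NOP is a single byte with no length
            out.append("N")
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        data = raw[i + 2:i + length]
        if kind == 2 and length == 4:     # Maximum Segment Size
            out.append("M%d" % int.from_bytes(data, "big"))
        elif kind == 3 and length == 3:   # Window scale shift count
            out.append("W%d" % data[0])
        elif kind == 4 and length == 2:   # SACK permitted
            out.append("S")
        elif kind == 8 and length == 10:  # Timestamps
            out.append("T")
        else:
            out.append("?%d" % kind)      # anything else, kept by kind number
        i += length
    return ",".join(out)

def options_from_log(line):
    """Return the option layout, or None when TCP options were not logged."""
    # Anchor on PROTO=TCP so an earlier IP-options OPT (...) field is skipped.
    m = re.search(r"PROTO=TCP\b.*?\bOPT \(([0-9A-Fa-f]*)\)", line)
    return decode_tcp_options(m.group(1)) if m else None

if __name__ == "__main__":
    print(options_from_log(WITH_OPTS))
    print(options_from_log(WITHOUT_OPTS))
```

A None result is the case where only fields such as TOS, TTL and WINDOW remain in the log line, with no option layout to compare.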