IDS: psad-2.0 release

psad-2.0 release

From: Michael Rash <mbr_at_cipherdyne.org>
Date: Mon, 11 Dec 2006 01:31:00 -0500

psad is an iptables log analysis tool, and the psad-2.0 release is now
available:

    http://www.cipherdyne.org/psad/

This release will be discussed in my upcoming book "Linux Firewalls:
Attack Detection and Response": http://www.nostarch.com/firewalls.htm

Here are some of the highlights:

- Completely re-factored Snort rule matching capability. The Snort
  keywords ttl, id, seq, ack, window, icmp_id, icmp_seq, itype, icode,
  ipopts, and sameip are now supported directly through Netfilter log
  messages.

- Signature updates are now published on cipherdyne.org at the link
  below, and psad can download these signatures and put them in place
  within the filesystem with the new --sig-update command line argument.

    http://www.cipherdyne.org/psad/signatures

- Added the ability to parse Netfilter logs and generate CSV formatted
  output. This is useful for visualizing Netfilter data with AfterGlow
  (http://afterglow.sourceforge.net). I have used the --CSV mode along
  with AfterGlow to graphically represent two of the Honeynet scan
  challenges (#30 and #34) that include Netfilter log data:

    http://www.cipherdyne.org/psad/honeynet/scan30/
    http://www.cipherdyne.org/psad/honeynet/scan34/

- Enhanced --Analyze output to include a listing of the top scanned
  ports, top signature matches, and top attackers. Here is an example:

    http://www.cipherdyne.org/psad/honeynet/scan34/psad-analysis.html

- Many other enhancements and a few bugfixes. Here is the complete
  Changelog:

    http://trac.cipherdyne.org/trac/psad/browser/psad/tags/psad-2.0/ChangeLog

Please email me with any questions, comments, or suggestions.

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
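As an added illustration of what the release describes (this is not psad's own code, which is written in Perl), the Python below parses constructed iptables LOG lines, applies two hypothetical header-field rules built from the Snort keywords the announcement lists (ttl, id, window, itype, icode, sameip), and tallies the top scanned ports, top signature matches and top source IPs in the spirit of the --Analyze summary. The log lines, rule definitions and field names are all constructed for this example.

```python
import re
from collections import Counter

# Constructed iptables LOG lines (not real traffic); the ICMP line carries two ID= fields.
LOG_LINES = """\
Dec 11 01:31:00 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 11 01:31:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=TCP SPT=40001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Dec 11 01:31:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=31337 PROTO=TCP SPT=5555 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
Dec 11 01:31:03 fw kernel: IN=eth0 OUT= SRC=192.168.1.2 DST=192.168.1.2 LEN=84 TOS=0x00 PREC=0x00 TTL=255 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
"""

# Hypothetical rules (not psad's own signatures) using the Snort header keywords the release lists.
SIGNATURES = [
    {"name": "TCP header fingerprint", "proto": "TCP", "ttl": 49, "id": 31337, "window": 8192},
    {"name": "ICMP echo, same src/dst", "proto": "ICMP", "itype": 8, "icode": 0, "sameip": True},
]
# Each Snort keyword is checked against the corresponding Netfilter log field.
KEYWORD_TO_FIELD = {"ttl": "TTL", "id": "ID", "window": "WINDOW", "itype": "TYPE", "icode": "CODE", "icmp_id": "ICMP_ID"}

def parse_line(line):
    # Collect KEY=VALUE pairs; the second ID= on an ICMP line is the ICMP identifier.
    fields = {}
    for key, val in re.findall(r"\b([A-Z]+)=(\S*)", line):
        if key == "ID" and "ID" in fields:
            key = "ICMP_ID"
        fields[key] = val
    return fields

def matches(sig, f):
    # A rule fires only when the protocol and every keyword it sets agree with the packet.
    if f.get("PROTO") != sig["proto"]:
        return False
    if sig.get("sameip") and f.get("SRC") != f.get("DST"):
        return False
    return all(f.get(col) == str(sig[kw]) for kw, col in KEYWORD_TO_FIELD.items() if kw in sig)

def analyze(text, top=3):
    # Tally top scanned ports, top signature matches and top source IPs, as --Analyze reports.
    ports, sigs, sources = Counter(), Counter(), Counter()
    for line in (l for l in text.splitlines() if "PROTO=" in l):
        f = parse_line(line)
        sources[f["SRC"]] += 1
        if "DPT" in f:
            ports[f["PROTO"] + "/" + f["DPT"]] += 1
        for sig in SIGNATURES:
            if matches(sig, f):
                sigs[sig["name"]] += 1
    return {"top_ports": ports.most_common(top), "top_sigs": sigs.most_common(top),
            "top_sources": sources.most_common(top)}
```

Calling `analyze(LOG_LINES)` on the constructed sample reports TCP/22 as the most-scanned port, 10.0.0.5 as the busiest source, and one hit for each of the two rules.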
Received on Dec 12 2006