Version 2.2.1 of Port Scan Attack Detector
Release Notes: This release added support for detection of Topera IPv6 scans, Nmap IP protocol scan detection (nmap -sO), a new test suite, email throttling, and per-danger level auto response timeouts.
Other releases
Release Notes: This release added support for detection of Topera IPv6 scans, Nmap IP protocol scan detection (nmap -sO), a new test suite, email throttling, and per-danger level auto response timeouts.
Release Notes: This release adds detection of IPv6 attacks and malicious traffic by parsing ip6tables logs, validation of ICMP6 type/code combinations, a new comprehensive test suite in the test/ directory, a 15% speedup over previous psad releases, a bugfix for the &LOG_DAEMON() error noticed by a few users, and a bugfix for the "qw() used as parentheses" warning for recent versions of Perl.
Release Notes: SELinux policy files were added to make psad compatible with SELinux. The files are located in a new "selinux" directory in the sources. A bug was fixed in which local server ports were not reported correctly under netstat parsing. A bug was fixed in the start() function in the Gentoo init script which caused psad to not be started and the error "* ERROR: psad failed to start" to be generated. A bug that occurred when ENABLE_SYSLOG_FILE is enabled was fixed.
Release Notes: This release restructures Perl module paths to make it easy to introduce a "nodeps" distribution of psad that does not contain any Perl modules. This allows better integration with systems that already have all necessary modules installed (including the IPTables::ChainMgr and IPTables::Parse modules). The main driver for this work is to make all cipherdyne.org projects easily integrated with distributions based on Debian. A bugfix has been made to honor the IPT_SYSLOG_FILE variable in --Analyze-msgs mode. A switch has been made from the deprecated bleeding-all.rules file to the new emerging-all.rules available from Emerging Threats.
Release Notes: This release enables IPT_SYSLOG_FILE by default. This is a relatively important change, since it changes the default method of acquiring iptables log data from reading it from a named pipe from syslog to just parsing the /var/log/messages file. The whois client has been updated to version 4.7.26, Bit::Vector to 6.4, and Date::Calc to 5.4.
