Version 2.2.1 of Port Scan Attack Detector

Release Notes: This release added support for detection of Topera IPv6 scans, Nmap IP protocol scan detection (nmap -sO), a new test suite, email throttling, and per-danger level auto response timeouts.

Other releases

  •  03 Jan 2013 07:11

    Release Notes: This release added support for detection of Topera IPv6 scans, Nmap IP protocol scan detection (nmap -sO), a new test suite, email throttling, and per-danger level auto response timeouts.

  •  21 Apr 2012 21:58

    Release Notes: This release adds detection of IPv6 attacks and malicious traffic by parsing ip6tables logs, validation of ICMP6 type/code combinations, a new comprehensive test suite in the test/ directory, a 15% speedup over previous psad releases, a bugfix for the &LOG_DAEMON() error noticed by a few users, and a bugfix for the "qw() used as parentheses" warning for recent versions of Perl.

  •  21 Feb 2009 20:55

    Release Notes: SELinux policy files were added to make psad compatible with SELinux. The files are located in a new "selinux" directory in the sources. A bug was fixed in which local server ports were not reported correctly under netstat parsing. A bug was fixed in the start() function in the Gentoo init script which caused psad to not be started and the error "* ERROR: psad failed to start" to be generated. A bug that occurred when ENABLE_SYSLOG_FILE is enabled was fixed.

  •  22 Aug 2008 14:14

    Release Notes: This release restructures Perl module paths to make it easy to introduce a "nodeps" distribution of psad that does not contain any Perl modules. This allows better integration with systems that already have all necessary modules installed (including the IPTables::ChainMgr and IPTables::Parse modules). The main driver for this work is to make all cipherdyne.org projects easily integrated with distributions based on Debian. A bugfix has been made to honor the IPT_SYSLOG_FILE variable in --Analyze-msgs mode. A switch has been made from the deprecated bleeding-all.rules file to the new emerging-all.rules available from Emerging Threats.

  •  13 Jun 2008 14:01

    Release Notes: This release enables IPT_SYSLOG_FILE by default. This is a relatively important change, since it changes the default method of acquiring iptables log data from reading it from a named pipe from syslog to just parsing the /var/log/messages file. The whois client has been updated to version 4.7.26, Bit::Vector to 6.4, and Date::Calc to 5.4.
