Release Notes: The ability to re-import scanning ip directories after a restart of psad or a system reboot was added. An analysis mode was added so that a logfile that contains iptables messages (such as the /var/log/messages) can be analyzed for scans. ICMP type and code validation against RFC 792 was added. Excessive strictness with FW_MSG_SEARCH was fixed. The signatures were updated to those included with snort 2.1.
Release Notes: The --Benchmark and --packets command line options have been added to allow easy benchmarking of psad with simulated heavy scans. cipherdyne.com has been completely redesigned, with a FAQ section which includes a discussion on how psad and portsentry are different.
Release Notes: Both kmsgsd and psadwatchd have been re-written in C, resulting in a memory saving of over 6MB.
Release Notes: The --Flush command line option was added to remove any firewall rules that were generated by the auto-blocking code. For iptables firewalls, psad makes use of the nat PREROUTING and mangle PREROUTING chains to more effectively block scanning IPs. The command line options were changed to more accurately reflect the established defaults. Unix::Syslog was updated to version 0.100.
Release Notes: This release adds a psad mailing list hosted at sourceforge.net. Psad.pm now uses croak(), all psad daemons get PID files from psad.conf, and a 10,000-line threshold has been added to the fwdata_archive file.