Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug fix for scan sources reported as destinations
In the /var/log/psad/<ip>/ directories, whois information is stored in the <IP>_whois files, the IP in the filename was included as a destination IP under the psad -S output. This commit fixes this bug. Here is an example of the invalid output: [+] IP Status Detail: SRC: 123.123.123.221, DL: 2, Dsts: 2, Pkts: 1, Unique sigs: 1, Email alerts: 1 DST: 1.2.3.4, Local IP Scanned ports: TCP 1433, Pkts: 1, Chain: INPUT, Intf: eth0 Signature match: "MISC Microsoft SQL Server communication attempt" TCP, Chain: INPUT, Count: 1, DP: 1433, SYN, Sid: 100205 DST: 123.123.123.221
- Loading branch information