Bug fix for scan sources reported as destinations
In the /var/log/psad/<ip>/ directories, whois information is stored in the <IP>_whois files, and the IP in the filename was included as a destination IP under the psad -S output. This commit fixes this bug. Here is an example of the invalid output:

    [+] IP Status Detail:

    SRC: 188.8.131.52, DL: 2, Dsts: 2, Pkts: 1, Unique sigs: 1, Email alerts: 1
        DST: 184.108.40.206, Local IP
            Scanned ports: TCP 1433, Pkts: 1, Chain: INPUT, Intf: eth0
            Signature match: "MISC Microsoft SQL Server communication attempt"
                TCP, Chain: INPUT, Count: 1, DP: 1433, SYN, Sid: 100205
        DST: 220.127.116.11