
first cut at IP protocol scan detection (nmap -sO)

1 parent 518880f commit 91dfe52f4a340ba52d70e03b40fb43b71774b0d5 @mrash committed Dec 8, 2012
@@ -1,4 +1,8 @@
-psad-2.2.1 (11/24/2012):
+psad-2.2.1 (12//2012):
+ - Added IP protocol scan detection (nmap -sO). A new psad.conf variable
+ PROTOCOL_SCAN_THRESHOLD defines the minimum number of different IP
+ protocols (default = 5) that must be scanned before an alert is
+ triggered.
- Bug fix in --Analyze mode when IP fields are to be searched with the
--analysis-fields argument (such as --analysis-fields "SRC:1.2.3.4").
The bug was reported by Gregorio Narvaez, and looked like this:
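Review bot: the new ChangeLog header on the `+psad-2.2.1 (12//2012):` line drops the day of the month, leaving an empty field between the slashes; fill in the release date (or keep 11/24/2012 until the release is actually cut) so the entry matches the date format of the other headers such as `psad-2.2 (02/20/2012):`. The PROTOCOL_SCAN_THRESHOLD description would also be clearer if it said what the counter is scoped to (per source address, and over what time window), since that is what determines how easily a slow scan stays under the default of 5.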
@@ -14,7 +18,10 @@ psad-2.2.1 (11/24/2012):
../../blib/lib/auto/NetAddr/IP/UtilPP/_deadlen.al) line 122.
- Added --stdin argument to allow psad to collect iptables log data from
- STDIN in --Analyze mode.
+ STDIN in --Analyze mode. This makes it easier to run an iptables logs
+ through psad from arbitrary files like so:
+
+ # grep "IN=.*OUT=" /var/log/kern.log | psad -A --stdin
psad-2.2 (02/20/2012):
- Added support for detection of malicious traffic that is delivered via
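Review bot: grammar in the added ChangeLog text: `run an iptables logs` should read `run iptables logs`. The example `# grep "IN=.*OUT=" /var/log/kern.log | psad -A --stdin` would benefit from one sentence saying whether the `IN=.*OUT=` filter is required or merely a convenience to drop non-iptables lines, so readers know what `--stdin` expects on its input.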
@@ -1 +1 @@
-psad-2.3-pre1
+2.3-pre1
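Review bot: the change of the version string format from `psad-2.3-pre1` to `2.3-pre1` is not mentioned in the commit message, which only covers protocol scan detection; add a line about it to the message or ChangeLog so the format change is discoverable. Also, the ChangeLog hunk in this same commit labels the pending release `psad-2.2.1` while VERSION now reads `2.3-pre1`; the two should be reconciled before tagging.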
nf2csv
@@ -36,7 +36,7 @@
use Getopt::Long 'GetOptions';
use strict;
-my $version = 'psad-2.3-pre1';
+my $version = '2.3-pre1';
### regex to match an ip address
my $ip_re = qr|(?:[0-2]?\d{1,2}\.){3}[0-2]?\d{1,2}|;
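Review bot: `$version` in nf2csv is updated by hand in lockstep with the VERSION file, which is how the two drift apart; consider having nf2csv read VERSION (or both pull from one shared constant) so a single edit cannot leave them inconsistent. Unrelated to this change but visible in the context lines: `$ip_re` is `(?:[0-2]?\d{1,2}\.){3}[0-2]?\d{1,2}`, which accepts octets up to 299, so any code path that relies on it for validation rather than rough matching should tighten the per-octet range.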