Skip to content
Commits on Jan 3, 2013
  1. changes since psad-2.2

  2. changes since psad-2.2

Commits on Jan 2, 2013
  1. bumped version to 2.2.1

  2. Added EMAIL_THROTTLE for email throttling

    Added the ability to throttle emails generated by psad via a new
    EMAIL_THROTTLE variable which is implemented as a per-IP threshold.  That
    is, if EMAIL_THROTTLE is set to "10", then psad will only send 1/10th as
    many emails for each scanning IP as it would have normally.  This feature
    was suggested by Naji Mouawad.
  3. Configurable auto-blocking timeout values.

    Oscar Marley suggested configurable auto-blocking timeout values depending on
    the danger level that a scan or attack achieves.  This resulted in the
    implementation of the AUTO_BLOCK_DL*_TIMEOUT variables.
Commits on Dec 23, 2012
Commits on Dec 21, 2012
  1. Detect Topera IPv6 scans when IP options are logged

    Added detection for Topera IPv6 scans when --log-ip-options is used in
    the ip6tables logging rule.  When this option is not used, the previous                                                                                                                        psad-2.2 release detected Topera scans.  An example TCP SYN packet
    generated by Topera when --log-ip-options is used looks like this (note                                                                                                                        the series of empty IP options strings "OPT ( )":
        Dec 20 20:10:40 rohan kernel: [  488.495776] DROP IN=eth0 OUT=                                                                                                                                 MAC=00:1b:b9:76:9c:e4:00:13:46:3a:41:36:86:dd
        SRC=2012:1234:1234:0000:0000:0000:0000:0001                                                                                                                                                    DST=2012:1234:1234:0000:0000:0000:0000:0002 LEN=132 TC=0 HOPLIMIT=64
        FLOWLBL=0 OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( ) OPT ( )                                                                                                                              OPT ( ) OPT ( ) PROTO=TCP SPT=61287 DPT=1 WINDOW=8192 RES=0x00 SYN
Commits on Dec 18, 2012
  1. Parse fwsnort rules for 'msg' fields

    Added the ability to acquire Snort rule 'msg' fields from fwsnort if
    it's also installed.  A new variable FWSNORT_RULES_DIR tells psad where
    to look for the fwsnort rule set.  This fixes a problem reported by Pui
    Edylie to the psad mailing list where fwsnort logged an attack that psad
    could not map back to a descriptive 'msg' field.
Commits on Dec 16, 2012
Commits on Dec 15, 2012
Commits on Dec 10, 2012
  1. remove 'multiproto' hash key in favor of new 'tot_protocols' hash key…

    … (used in -sO protocol scan detection)
Commits on Dec 8, 2012
  1. added IP protocol scan test

Commits on Dec 1, 2012
Commits on Nov 23, 2012
  1. another hyphen fix

Commits on Nov 21, 2012
  1. added Gregorio Narvaez

  2. Bug fix for NetAddr::IP usage in --analysis-fields IP search mode

    Bug fix in --Analyze mode when IP fields are to be searched with the
    --analysis-fields argument (such as --analysis-fields "SRC:").
    The bug was reported by Gregorio Narvaez, and looked like this:
      Use of uninitialized value $_[0] in length at
      ../../blib/lib/NetAddr/IP/ (autosplit into
      ../../blib/lib/auto/NetAddr/IP/UtilPP/ line 126.
      Use of uninitialized value $_[0] in length at
      ../../blib/lib/NetAddr/IP/ (autosplit into
      ../../blib/lib/auto/NetAddr/IP/UtilPP/ line 126.
      Bad argument length for NetAddr::IP::UtilPP::hasbits, is 0, should be
      128 at ../../blib/lib/NetAddr/IP/ (autosplit into
      ../../blib/lib/auto/NetAddr/IP/UtilPP/ line 122.
    Added --stdin argument to allow psad to collect iptables log data from
    STDIN in --Analyze mode.
Commits on Jun 12, 2012
  1. bumped version to psad-2.3-pre1

Commits on May 27, 2012
Commits on Apr 21, 2012
  1. bumped version to 2.2

  2. Added install.answers.example file to illustrate answers t…

    …o be consumed by --Use-answers
  3. changelog and credits update

Something went wrong with that request. Please try again.