[Dshield] psad-1.2 release
mbr at cipherdyne.com
Thu Jun 19 14:07:21 GMT 2003
(I'm posting this since psad now includes the ability to send alerts
in the dshield format to dshield.)
Here are the changes since psad-1.1.1:
-Added passive OS fingerprinting based on packet ttl, length,
tos, and id fields.
-Added dshield.org alerting capability.
-Added exec_external_script() for external script execution.
-Added auto blocked timeouts.
-Implemented config re-imports via HUP signals in a manner
similar to various other system daemons (sysylog, apache
-Better --Status output that shows packet counts per protocol
for each ip.
-Added --ip-status for more verbose status output for a
particular ip address.
-Added config preservation code to install.pl.
-Split psad.conf into a separate config file for each of the
four psad daemons.
-Completely re-worked the auto blocking code (made dedicated
files for iptables and ipchains block methods).
-Added danger level hash.
-Minor code cleanups (shorter hash keys, etc.).
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
More information about the list