[Dshield] psad-1.2 release

Michael Rash mbr at cipherdyne.com
Thu Jun 19 14:07:21 GMT 2003


(I'm posting this since psad now includes the ability to send alerts
in the dshield format to dshield.)

Here are the changes since psad-1.1.1:

    -Added passive OS fingerprinting based on packet ttl, length,
     tos, and id fields.
    -Added dshield.org alerting capability.
    -Added exec_external_script() for external script execution.
    -Added auto blocked timeouts.
    -Implemented config re-imports via HUP signals in a manner
     similar to various other system daemons (sysylog, apache
     etc.)
    -Better --Status output that shows packet counts per protocol
     for each ip.
    -Added --ip-status for more verbose status output for a
     particular ip address.
    -Added config preservation code to install.pl.
    -Added Psad::psyslog().
    -Split psad.conf into a separate config file for each of the
     four psad daemons.
    -Completely re-worked the auto blocking code (made dedicated
     files for iptables and ipchains block methods).
    -Added danger level hash.
    -Minor code cleanups (shorter hash keys, etc.).

--Mike

Michael Rash
http://www.cipherdyne.com
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F




More information about the list mailing list