Author Topic: Defend Your Ports with Port Scan Attack Detector (PSAD)  (Read 707 times)

Online VinDSL

  • Administrator
  • Hero
  • *****
  • Posts: 5878
  • Karma: 1153
  • Team Peppermint
    • View Profile
  • Peppermint version(s): Developmental Builds
Defend Your Ports with Port Scan Attack Detector (PSAD)
« on: March 17, 2017, 04:14:53 am »
All hail PSAD !   8)

The Port Scan Attack Detector (PSAD) is a lightweight system daemon that is designed to work with Linux iptables/firewall code to discover suspicious traffic such as port scans, backdoors, botnet command and control communications, and more. It includes a set of vastly configurable danger thresholds, long-winded alert messages that comprise of the source, destination, scanned port range, begin and end times, TCP flags and equivalent nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending IP addresses via dynamic configuration of iptables rulesets, passive operating system fingerprinting, and DShield reporting.



Available in the 'Universe (System Administration)' repo too, if you want to use Synaptic. 
« Last Edit: March 17, 2017, 04:19:08 pm by VinDSL »

Offline zebedeeboss

  • Global Moderator
  • Hero
  • *****
  • Posts: 3233
  • Karma: 625
  • Life first... Peppermint a close 2nd :)
    • View Profile
  • Peppermint version(s): P10 / P9 Respin
Re: Defend Your Ports with Port Scan Attack Detector (PSAD)
« Reply #1 on: March 17, 2017, 04:39:32 am »
My Port is generally never open that long.

I can go through a whole bottle in a couple of nights  :P

Regards Zeb...
Be Kind Whenever Possible...   It is Always Possible - Dalai Lama

P10r x64 Desktop - AMD Threadripper 2950X - 64Gb RAM - NVIDIA RTX2080Ti 11Gb - 2 x 27" 4k