IDS mailing list archives

psad-1.4.0 release


From: Michael Rash <mbr () cipherdyne org>
Date: Thu, 2 Dec 2004 09:12:04 -0500

psad-1.4.0 has been released.  This release incorporates true p0f-
style passive OS fingerprinting (requires the usage of the iptables
--log-tcp-options argument).  Psad still supports the old TOS-based
passive OS fingerprinting if the TCP options portion of the TCP
header is not being logged.

Here is an example alert generated by psad-1.4.0 that includes the
new p0f functionality (psad fingerprints the remote OS as
"Linux:2.6::Linux 2.4/2.6"):

http://www.cipherdyne.org/psad/sample_alerts/socks_proxy.html

p0f fingerprints have also been integrated with --Status output:

http://www.cipherdyne.org/psad/sample_alerts/status.html

psad-1.4.0 tarballs, rpms, and Debian packages can be downloaded
here:

http://www.cipherdyne.org/psad/download/

--Mike

Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
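
Added example, not part of the original message and not psad's own code: a sketch of why the announcement ties p0f-style fingerprinting to `--log-tcp-options`. With that argument the iptables LOG target appends an `OPT (...)` hex field, which can be decoded into the TCP option list; without it only fields such as TOS, TTL and window remain. The log lines are constructed, and the function names and the `tos-fallback` label are hypothetical.

```python
import re

# TCP option kinds commonly seen in SYN packets (IANA option numbers).
KINDS = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WSCALE", 4: "SACKOK", 8: "TS"}
FIELD_RE = re.compile(r"\b(TTL|WINDOW|TOS)=(\S+)")
OPT_RE = re.compile(r"\bOPT \(([0-9A-Fa-f]*)\)")

# Constructed sample log lines (documentation addresses), not real traffic.
WITH_OPT = ("kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 "
            "TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=TCP SPT=40000 DPT=1080 "
            "WINDOW=5840 RES=0x00 SYN URGP=0 "
            "OPT (020405B40402080A0012D6870000000001030302)")
NO_OPT = WITH_OPT.split(" OPT ")[0]  # same packet logged without the option


def decode_tcp_options(hex_blob):
    """Walk the kind/length/value list and return [(name, value), ...]."""
    data, out, i = bytes.fromhex(hex_blob), [], 0
    while i < len(data):
        kind = data[i]
        name = KINDS.get(kind, "KIND%d" % kind)
        if kind in (0, 1):                  # EOL and NOP are single bytes
            out.append((name, None))
            if kind == 0:
                break
            i += 1
            continue
        if i + 1 >= len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed TCP option at offset %d" % i)
        body = data[i + 2:i + data[i + 1]]
        # MSS and window scale are integers; other bodies stay as hex.
        value = int.from_bytes(body, "big") if kind in (2, 3) else (body.hex() or None)
        out.append((name, value))
        i += data[i + 1]
    return out


def syn_features(log_line):
    """Collect the header fields a passive fingerprint is built from."""
    fields = dict(FIELD_RE.findall(log_line))
    feats = {"ttl": int(fields["TTL"]), "window": int(fields["WINDOW"]),
             "tos": fields["TOS"], "options": None, "method": "tos-fallback"}
    match = OPT_RE.search(log_line)
    if match:                               # --log-tcp-options was in effect
        feats["options"] = decode_tcp_options(match.group(1))
        feats["method"] = "tcp-options"
    return feats
```
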
