IDS mailing list archives
psad-1.4.0 release
From: Michael Rash <mbr () cipherdyne org>
Date: Thu, 2 Dec 2004 09:12:04 -0500
psad-1.4.0 has been released. This release incorporates true p0f-style passive OS fingerprinting (requires the usage of the iptables --log-tcp-options argument). Psad still supports the old TOS-based passive OS fingerprinting if the TCP options portion of the TCP header is not being logged.

Here is an example alert generated by psad-1.4.0 that includes the new p0f functionality (psad fingerprints the remote OS as "Linux:2.6::Linux 2.4/2.6"):

http://www.cipherdyne.org/psad/sample_alerts/socks_proxy.html

p0f fingerprints have also been integrated with --Status output:

http://www.cipherdyne.org/psad/sample_alerts/status.html

psad-1.4.0 tarballs, rpms, and Debian packages can be downloaded here:

http://www.cipherdyne.org/psad/download/

--Mike

Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
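An added illustration, not part of the original post and not psad's code: it shows what the `OPT (...)` field written by iptables `--log-tcp-options` carries and how the TCP options of a logged SYN can be rendered with p0f-style option letters. The log line is a constructed sample, and the function names and the `window:ttl:df:len:options` layout are assumptions chosen for this sketch.

```python
import re

# Constructed sample: iptables LOG line for a SYN, logged with --log-tcp-options.
SAMPLE = ("Dec  2 09:10:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 "
          "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40000 DPT=1080 "
          "WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0012D6870000000001030300)")

def decode_tcp_options(hexstr):
    """Walk the kind/length/value option list; return p0f-style tokens."""
    data = bytes.fromhex(hexstr)
    tokens, i = [], 0
    while i < len(data):
        kind = data[i]
        if kind == 0:                      # end of option list
            tokens.append("E")
            break
        if kind == 1:                      # NOP: single byte, no length field
            tokens.append("N")
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad option length")
        value = data[i + 2:i + length]
        if kind == 2 and length == 4:      # maximum segment size
            tokens.append("M%d" % int.from_bytes(value, "big"))
        elif kind == 3 and length == 3:    # window scale
            tokens.append("W%d" % value[0])
        elif kind == 4 and length == 2:    # SACK permitted
            tokens.append("S")
        elif kind == 8 and length == 10:   # timestamp (zero-value case not split out)
            tokens.append("T")
        else:                              # anything else: keep the kind number
            tokens.append("?%d" % kind)
        i += length
    return tokens

def syn_signature(line):
    """Return 'window:ttl:df:len:options', or None when no SYN options are logged."""
    m = re.search(r"OPT \(([0-9A-Fa-f]*)\)", line)
    if not m or " SYN " not in line:
        return None
    f = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    df = 1 if " DF " in line else 0
    opts = ",".join(decode_tcp_options(m.group(1))) or "."
    return "%s:%s:%d:%s:%s" % (f["WINDOW"], f["TTL"], df, f["LEN"], opts)
```

A line logged without `--log-tcp-options` has no `OPT (...)` field, so `syn_signature` returns `None` for it, which is the case where the announcement says psad falls back to TOS-based fingerprinting.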