Key | Value |
---|---|
FileName | etc/psad/signatures |
FileSize | 45267 |
MD5 | B77EA87A33B16327B675ED7AAC2E5935 |
SHA-1 | 118A5A51ADA03950E02553ECA2EE7DA5C03005FA |
SHA-256 | 2E54D0E8E49DDB49D822C7C0F173ACF760AC50181E36047717C6359ED5C097B9 |
SSDEEP | 768:gFGfE92g4WR6zi4MpTwmsEjtvhV4QidmsZTZkmzChmZmmSfYwnh8d7gl3nAQv5lP:gFWPAYHC9 |
TLSH | T11813007C2FFC69F347D3F330584A22FBB05E94525AA30918ABEC5194A7189E5B5213B3 |
tar:gname | root |
tar:uname | root |
hashlookup:parent-total | 68 |
hashlookup:trust | 100 |
The searched file hash is included in 68 parent files which include package known and seen by metalookup. A sample is included below:
Key | Value |
---|---|
FileSize | 178060 |
MD5 | 5C92B46CA0ACBDEDD32BA03506EE1A91 |
PackageDescription | Port Scan Attack Detector PSAD is a collection of four lightweight system daemons (in Perl and C) designed to work with iptables to detect port scans. It features: * a set of highly configurable danger thresholds (with sensible defaults provided); * verbose alert messages that include the source, destination, scanned port range, beginning and end times, TCP flags, and corresponding Nmap options; * reverse DNS information; * alerts via email; * automatic blocking of offending IP addresses via dynamic firewall configuration. . When combined with fwsnort and the iptables string match extension, PSAD is capable of detecting many attacks described in the Snort rule set that involve application layer data. |
PackageMaintainer | Debian QA Group <packages@qa.debian.org> |
PackageName | psad |
PackageSection | admin |
PackageVersion | 2.4.6-1 |
SHA-1 | 027AD719E050862C177406F7D55920C6C0D4CA6E |
SHA-256 | 07756D5526272DC5987C69FD68BEE895AD6D08A78B245EA7C55F0647A7C2E852 |
Key | Value |
---|---|
FileSize | 177356 |
MD5 | 08389DBF6C2D52B763549F433D4ABFCD |
PackageDescription | Port Scan Attack Detector PSAD is a collection of four lightweight system daemons (in Perl and C) designed to work with iptables to detect port scans. It features: * a set of highly configurable danger thresholds (with sensible defaults provided); * verbose alert messages that include the source, destination, scanned port range, beginning and end times, TCP flags, and corresponding Nmap options; * reverse DNS information; * alerts via email; * automatic blocking of offending IP addresses via dynamic firewall configuration. . When combined with fwsnort and the iptables string match extension, PSAD is capable of detecting many attacks described in the Snort rule set that involve application layer data. |
PackageMaintainer | Thiago Andrade Marques <andrade@debian.org> |
PackageName | psad |
PackageSection | admin |
PackageVersion | 2.4.6-2 |
SHA-1 | 0C9C3223B7B46C9815773895DA0D52CF8CA37681 |
SHA-256 | F53F592525684FBCDEABD81862B4A316DA100AE98E508518E108647AC0607434 |
Key | Value |
---|---|
MD5 | B961A7BF829A6E6FBD893ABF7143FFBD |
PackageArch | ppc64le |
PackageDescription | Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (https://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (https://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures. |
PackageMaintainer | Fedora Project |
PackageName | psad |
PackageRelease | 4.el7 |
PackageVersion | 2.4.3 |
SHA-1 | 0DEACDAC8A6824BFF3795AB4814B64CB09403595 |
SHA-256 | BEAAA126F0F5870CBB2B0DAA2D205DB8F82F08A41B24B568F32BE64AE638285D |
Key | Value |
---|---|
FileSize | 150276 |
MD5 | 6A4B3AFB0110211FEB63743B75147F01 |
PackageDescription | Port Scan Attack Detector PSAD is a collection of four lightweight system daemons (in Perl and C) designed to work with iptables to detect port scans. It features: * a set of highly configurable danger thresholds (with sensible defaults provided); * verbose alert messages that include the source, destination, scanned port range, beginning and end times, TCP flags, and corresponding Nmap options; * reverse DNS information; * alerts via email; * automatic blocking of offending IP addresses via dynamic firewall configuration. . When combined with fwsnort and the iptables string match extension, PSAD is capable of detecting many attacks described in the Snort rule set that involve application layer data. |
PackageMaintainer | Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
PackageName | psad |
PackageSection | admin |
PackageVersion | 2.4.3-1.2 |
SHA-1 | 1760E1C0467D113ECB633F13FEB7400338DC8A82 |
SHA-256 | 32647908524B0610FFDF3181763A1F44E430BDF70E9CA2A6717F99231B398904 |
Key | Value |
---|---|
MD5 | 210F4B4EFEA0A524B8BBFABFC615FD58 |
PackageArch | noarch |
PackageDescription | Port Scan Attack Detector (psad) is a lightweight system daemon written in Perl designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (https://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (https://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures. |
PackageMaintainer | Fedora Project |
PackageName | psad |
PackageRelease | 8.fc34 |
PackageVersion | 2.4.6 |
SHA-1 | 17783DF975B2FA4FE7460AE895D7B9543EFC1411 |
SHA-256 | C341E172679D357503FED7356F6FA03AC9DE0689751CC4DE0BCE96DB666E3302 |
Key | Value |
---|---|
FileName | http://dl-cdn.alpinelinux.org/alpine/latest-stable//community//armhf//psad-2.4.6-r2.apk |
MD5 | 423EA2BE182B7D6F8CE9EBC3F7C25628 |
SHA-1 | 1C8ECC2FBABD78E8912D668DC137BFF6221DAB48 |
SHA-256 | EE189F1A9FA8B3E4A8C2597D2CD6B41B6CDCF05E0EAF08EB6E4125CA266F16D3 |
SSDEEP | 3072:jtEipbA/ymhtD7b8pyHiDGGf1esxlZkZODZfkg+oTRER6:jRA/nF7b8ptDVeycO1fkgDI6 |
TLSH | T116E31289EA5F07FC1BA010320453A5A1CACF2F4B448A59652FE5C8E673F6737AE8715C |
Key | Value |
---|---|
FileSize | 177660 |
MD5 | E999AF4D1388F0EAF56825F09830D92B |
PackageDescription | Port Scan Attack Detector PSAD is a collection of four lightweight system daemons (in Perl and C) designed to work with iptables to detect port scans. It features: * a set of highly configurable danger thresholds (with sensible defaults provided); * verbose alert messages that include the source, destination, scanned port range, beginning and end times, TCP flags, and corresponding Nmap options; * reverse DNS information; * alerts via email; * automatic blocking of offending IP addresses via dynamic firewall configuration. . When combined with fwsnort and the iptables string match extension, PSAD is capable of detecting many attacks described in the Snort rule set that involve application layer data. |
PackageMaintainer | Debian QA Group <packages@qa.debian.org> |
PackageName | psad |
PackageSection | admin |
PackageVersion | 2.4.6-1 |
SHA-1 | 1D33B3D6F6B92118A2B0CE8CBC43F6A2F5AB989B |
SHA-256 | 7B97AF51C6912945866F5D103A452B090E15047E187B736191FF500986512AEA |
Key | Value |
---|---|
FileName | http://dl-cdn.alpinelinux.org/alpine/latest-stable//community//armv7//psad-2.4.6-r3.apk |
MD5 | DF0F16528C41B44DBBB79B414F5E7003 |
SHA-1 | 1D93F802D272BD0CA8F56F83E12CF0ACA136547D |
SHA-256 | DBB286A38180A0DBE3C9FA3E3486CD3EA4A6CF83CE815A623A451AE6D44D9D22 |
SSDEEP | 3072:Xi5JQTTfKkKZGAgF5XFmiUfxAMhVS8cCay6EpZPdKI:XifQTbKkKLRiUZ8Cay6EP1T |
TLSH | T127E3125EF143DCE8A777D0B51BF45EEA60270E2D712089B963408F7384F2D6572DA0A6 |
Key | Value |
---|---|
FileName | http://dl-cdn.alpinelinux.org/alpine/latest-stable//community//armhf//psad-2.4.6-r3.apk |
MD5 | A9C4A17E06AB465C5EDC347E48276F94 |
SHA-1 | 1FF1D79B0016B868BA66582B768C1675D43215B5 |
SHA-256 | 4A399843C77951682128DA3717C9276A692BC226570AFC133B838172720F9723 |
SSDEEP | 3072:0/ww1zUzIJvX7CqTNKKDGGf1esxlZkZODb6xRoPP2lDBIiKZjS:0IwT4KDVeycOv8wy1hKdS |
TLSH | T101E3123FEA6B3710BAF1808770830893CED5ED9A591170902E74F9795279A35EB2E53C |
Key | Value |
---|---|
FileSize | 177320 |
MD5 | C20D9FAEF10CC45DA0696AB19EC9C6A4 |
PackageDescription | Port Scan Attack Detector PSAD is a collection of four lightweight system daemons (in Perl and C) designed to work with iptables to detect port scans. It features: * a set of highly configurable danger thresholds (with sensible defaults provided); * verbose alert messages that include the source, destination, scanned port range, beginning and end times, TCP flags, and corresponding Nmap options; * reverse DNS information; * alerts via email; * automatic blocking of offending IP addresses via dynamic firewall configuration. . When combined with fwsnort and the iptables string match extension, PSAD is capable of detecting many attacks described in the Snort rule set that involve application layer data. |
PackageMaintainer | Franck Joncourt <franck.joncourt@gmail.com> |
PackageName | psad |
PackageSection | admin |
PackageVersion | 2.4.3-1.2~deb9u1 |
SHA-1 | 254D18655CAA3D5036486A7B082CFF2209EC81FE |
SHA-256 | 3F62D71A22A246368CFE7520618EDF9B8217046331714BBEC0AB0B04C0793480 |