Result for 1E416367998CA4016B29DB5ED9810A231AC0C1AD

Query result

Key Value
FileName./etc/fwsnort/snort_rules/web-frontpage.rules
FileSize9423
MD5DDF939AD4659A2BCB830DA3C5A376F6F
SHA-11E416367998CA4016B29DB5ED9810A231AC0C1AD
SHA-25627D4F4AFFACEC7BAC6CBF57C7B5DC88DD41536FCE0C5E0E585410ACF7EDB3778
SSDEEP48:gQBXHnwjYEWoD+fl7dmjlNZ++PPFT68/jVcV8T52WPRlbyjmfrkYsS5BAlBkfIOD:1wbDiHDUbmqLA/kgSaJm6rRFj7truN
TLSHT10312F0AE1E655CB85BD7F2350D5663E770CBC8CE08294E8267D52A28438DFAD41722B3
hashlookup:parent-total69
hashlookup:trust100

Network graph view

Parents (Total: 69)

The searched file hash is included in 69 parent files which include package known and seen by metalookup. A sample is included below:

Key Value
MD545A4B8325F05AE181F666CA24505AAAB
PackageArchs390
PackageDescriptionPort Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (http://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (http://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures.
PackageMaintainerFedora Project
PackageNamepsad
PackageRelease6.fc23
PackageVersion2.2.1
SHA-102A293B93629DB38403B1AAB5CA13ED619FD8702
SHA-2567034157F3D1C0231E7013D56E19D7C256BD775E07B43E266B4E2A021A6009F1E
Key Value
MD5B961A7BF829A6E6FBD893ABF7143FFBD
PackageArchppc64le
PackageDescriptionPort Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (https://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (https://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures.
PackageMaintainerFedora Project
PackageNamepsad
PackageRelease4.el7
PackageVersion2.4.3
SHA-10DEACDAC8A6824BFF3795AB4814B64CB09403595
SHA-256BEAAA126F0F5870CBB2B0DAA2D205DB8F82F08A41B24B568F32BE64AE638285D
Key Value
MD5F65EB8B154A0C040C6FF547E4D319542
PackageArchnoarch
PackageDescriptionfwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applicable to the specific iptables policy. fwsnort is able to translate approximately 60% of all rules from the Snort-2.3.3 IDS into equivalent iptables rules.
PackageMaintainerFedora Project
PackageNamefwsnort
PackageRelease1.fc22
PackageVersion1.6.5
SHA-1104D53540882C00AD43E25D1B0ED85217E724974
SHA-256CF00927658F55064667C8A2CC3B9F0B5DA36DC3A1A17DFCB781EE18B3F74FAF2
Key Value
MD554CDD21BBC84A4CABDA331435819E632
PackageArchppc64le
PackageDescriptionPort Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (http://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (http://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures.
PackageMaintainerFedora Project
PackageNamepsad
PackageRelease5.fc21
PackageVersion2.2.1
SHA-115E0E9D19EC24DC5301DBA46D2FA43409350A3F7
SHA-2568D68AD1072D8421F7CA2222622A2CF83AE6CC998F34D26EE7167D43783D0DF6B
Key Value
MD51DE9FB13ED0C22D060A695D6BF5DE2CB
PackageArchnoarch
PackageDescriptionfwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. This ruleset allows network traffic that exhibits Snort signatures to be logged and/or dropped by iptables directly without putting any interface into promiscuous mode or queuing packets from kernel to user space. In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applicable to the specific iptables policy. After all, if iptables is blocking all inbound http traffic from external addresses, it is probably not of much use to try detecting inbound attacks against against tcp/80. By default fwsnort generates iptables rules that log Snort sid's with --log-prefix to klogd where the messages can be analyzed with a log watcher such as logwatch or psad (see http://www.cipherdyne.org/psad). fwsnort relies on the iptables string match extension to match Snort content fields in the application portion of ip traffic. Since Snort rules can contain hex data in content fields, fwsnort implements a patch against iptables-1.2.7a which adds a "--hex-string" option which will accept content fields such as "|0d0a5b52504c5d3030320d0a|". fwsnort bundles the latest rule set from Emerging Threats (http://www.emergingthreats.net) and also includes all rules from the Snort-2.3.3 IDS - the final Snort rule set that was released under the GPL. fwsnort is able to translate well over 60% of all bundled rules. For more information about the translation strategy as well as advantages/disadvantages of the method used by fwsnort to obtain intrusion detection data, see the README included with the fwsnort sources or browse to: http://www.cipherdyne.org/fwsnort/
PackageMaintainerumeabot <umeabot>
PackageNamefwsnort
PackageRelease2.mga7
PackageVersion1.6.8
SHA-11655E61088A6FEE30058894AE91221A1158B291A
SHA-256BECB99C34E49DE4A9031770B1DD09964E78B3DDA6FF1BCEC3FE851609E0BBBC1
Key Value
MD55F75F201039630C406C4A5D6D355C74A
PackageArchppc
PackageDescriptionPort Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (http://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (http://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures.
PackageMaintainerFedora Project
PackageNamepsad
PackageRelease3.fc20
PackageVersion2.2.1
SHA-1167A8DC3C129BF067177F754435ED290AE8D6BA1
SHA-25641C8A868A07025203F1532FAB9D9F4202CB6E1F72A20069850480820FCE0CE13
Key Value
MD5A508A61F4D8BCE7097C2156309AF3CF2
PackageArchnoarch
PackageDescriptionfwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applicable to the specific iptables policy. fwsnort is able to translate approximately 60% of all rules from the Snort-2.3.3 IDS into equivalent iptables rules.
PackageMaintainerFedora Project
PackageNamefwsnort
PackageRelease1.fc16
PackageVersion1.6.1
SHA-116AB1075EB874E8888D8D135A4BBC15BD261E896
SHA-2567EC22ABB32BCE19341B777E5F41E44A272E5DA4F212C31BAB175845A6DE21273
Key Value
MD5210F4B4EFEA0A524B8BBFABFC615FD58
PackageArchnoarch
PackageDescriptionPort Scan Attack Detector (psad) is a lightweight system daemon written in Perl designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (https://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (https://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures.
PackageMaintainerFedora Project
PackageNamepsad
PackageRelease8.fc34
PackageVersion2.4.6
SHA-117783DF975B2FA4FE7460AE895D7B9543EFC1411
SHA-256C341E172679D357503FED7356F6FA03AC9DE0689751CC4DE0BCE96DB666E3302
Key Value
MD5A8FAB92468770B95A7E9F25F1D2B5645
PackageArchnoarch
PackageDescriptionfwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applicable to the specific iptables policy. fwsnort is able to translate approximately 60% of all rules from the Snort-2.3.3 IDS into equivalent iptables rules.
PackageMaintainerFedora Project
PackageNamefwsnort
PackageRelease1.fc21
PackageVersion1.6.5
SHA-119259F08EAB99CEB7A7E9256A3C219354A480E39
SHA-2563C699AA5A741F09E189D801B899EEA283F1F3317B48A264F1575C23C1C421419
Key Value
MD593A1DD0EC23E4860FB0DEA6C1C51FE69
PackageArchnoarch
PackageDescriptionfwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applicable to the specific iptables policy. fwsnort is able to translate approximately 60% of all rules from the Snort-2.3.3 IDS into equivalent iptables rules.
PackageMaintainerFedora Project
PackageNamefwsnort
PackageRelease20.fc34
PackageVersion1.6.5
SHA-11E40A54AF53DC736D2AE2D4C1ADE711EB9ADAA1B
SHA-2560A73150BC8651317796E39B93A4C0F9C49AE41B50202709245FE3C350228B09E