Key | Value |
---|---|
FileName | ./etc/fwsnort/snort_rules/misc.rules |
FileSize | 17107 |
MD5 | 3500E237330506EE0AB0636A78E05978 |
SHA-1 | 1EED8A9E8B23697F8035A5C62292C59CCA291DD0 |
SHA-256 | 66CC33198685D470E50A6ECE3A2592C61DA57CD7B2CCD5E8D8A9F1C4792E70FD |
SSDEEP | 384:1Rhkpby4fDbdCV3e7t4CYV7HXfSHMJjhlZT9Kfniz8xXm9s5yHZQ2lJmFSC0b7ct:1Rhkpby4fDbdo3e7t4CY9HXfSHMJjhli |
TLSH | T11272553C2EAA4C7947F5EB390857335B719ED8539C600F41A3C9225CCAC8DA591E72BB |
hashlookup:parent-total | 69 |
hashlookup:trust | 100 |
The searched file hash is included in 69 parent files which include package known and seen by metalookup. A sample is included below:
Key | Value |
---|---|
MD5 | 45A4B8325F05AE181F666CA24505AAAB |
PackageArch | s390 |
PackageDescription | Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (http://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (http://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures. |
PackageMaintainer | Fedora Project |
PackageName | psad |
PackageRelease | 6.fc23 |
PackageVersion | 2.2.1 |
SHA-1 | 02A293B93629DB38403B1AAB5CA13ED619FD8702 |
SHA-256 | 7034157F3D1C0231E7013D56E19D7C256BD775E07B43E266B4E2A021A6009F1E |
Key | Value |
---|---|
MD5 | B961A7BF829A6E6FBD893ABF7143FFBD |
PackageArch | ppc64le |
PackageDescription | Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (https://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (https://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures. |
PackageMaintainer | Fedora Project |
PackageName | psad |
PackageRelease | 4.el7 |
PackageVersion | 2.4.3 |
SHA-1 | 0DEACDAC8A6824BFF3795AB4814B64CB09403595 |
SHA-256 | BEAAA126F0F5870CBB2B0DAA2D205DB8F82F08A41B24B568F32BE64AE638285D |
Key | Value |
---|---|
MD5 | F65EB8B154A0C040C6FF547E4D319542 |
PackageArch | noarch |
PackageDescription | fwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applicable to the specific iptables policy. fwsnort is able to translate approximately 60% of all rules from the Snort-2.3.3 IDS into equivalent iptables rules. |
PackageMaintainer | Fedora Project |
PackageName | fwsnort |
PackageRelease | 1.fc22 |
PackageVersion | 1.6.5 |
SHA-1 | 104D53540882C00AD43E25D1B0ED85217E724974 |
SHA-256 | CF00927658F55064667C8A2CC3B9F0B5DA36DC3A1A17DFCB781EE18B3F74FAF2 |
Key | Value |
---|---|
MD5 | 54CDD21BBC84A4CABDA331435819E632 |
PackageArch | ppc64le |
PackageDescription | Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (http://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (http://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures. |
PackageMaintainer | Fedora Project |
PackageName | psad |
PackageRelease | 5.fc21 |
PackageVersion | 2.2.1 |
SHA-1 | 15E0E9D19EC24DC5301DBA46D2FA43409350A3F7 |
SHA-256 | 8D68AD1072D8421F7CA2222622A2CF83AE6CC998F34D26EE7167D43783D0DF6B |
Key | Value |
---|---|
MD5 | 1DE9FB13ED0C22D060A695D6BF5DE2CB |
PackageArch | noarch |
PackageDescription | fwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. This ruleset allows network traffic that exhibits Snort signatures to be logged and/or dropped by iptables directly without putting any interface into promiscuous mode or queuing packets from kernel to user space. In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applicable to the specific iptables policy. After all, if iptables is blocking all inbound http traffic from external addresses, it is probably not of much use to try detecting inbound attacks against against tcp/80. By default fwsnort generates iptables rules that log Snort sid's with --log-prefix to klogd where the messages can be analyzed with a log watcher such as logwatch or psad (see http://www.cipherdyne.org/psad). fwsnort relies on the iptables string match extension to match Snort content fields in the application portion of ip traffic. Since Snort rules can contain hex data in content fields, fwsnort implements a patch against iptables-1.2.7a which adds a "--hex-string" option which will accept content fields such as "|0d0a5b52504c5d3030320d0a|". fwsnort bundles the latest rule set from Emerging Threats (http://www.emergingthreats.net) and also includes all rules from the Snort-2.3.3 IDS - the final Snort rule set that was released under the GPL. fwsnort is able to translate well over 60% of all bundled rules. For more information about the translation strategy as well as advantages/disadvantages of the method used by fwsnort to obtain intrusion detection data, see the README included with the fwsnort sources or browse to: http://www.cipherdyne.org/fwsnort/ |
PackageMaintainer | umeabot <umeabot> |
PackageName | fwsnort |
PackageRelease | 2.mga7 |
PackageVersion | 1.6.8 |
SHA-1 | 1655E61088A6FEE30058894AE91221A1158B291A |
SHA-256 | BECB99C34E49DE4A9031770B1DD09964E78B3DDA6FF1BCEC3FE851609E0BBBC1 |
Key | Value |
---|---|
MD5 | 5F75F201039630C406C4A5D6D355C74A |
PackageArch | ppc |
PackageDescription | Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and in C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (http://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (http://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures. |
PackageMaintainer | Fedora Project |
PackageName | psad |
PackageRelease | 3.fc20 |
PackageVersion | 2.2.1 |
SHA-1 | 167A8DC3C129BF067177F754435ED290AE8D6BA1 |
SHA-256 | 41C8A868A07025203F1532FAB9D9F4202CB6E1F72A20069850480820FCE0CE13 |
Key | Value |
---|---|
MD5 | A508A61F4D8BCE7097C2156309AF3CF2 |
PackageArch | noarch |
PackageDescription | fwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applicable to the specific iptables policy. fwsnort is able to translate approximately 60% of all rules from the Snort-2.3.3 IDS into equivalent iptables rules. |
PackageMaintainer | Fedora Project |
PackageName | fwsnort |
PackageRelease | 1.fc16 |
PackageVersion | 1.6.1 |
SHA-1 | 16AB1075EB874E8888D8D135A4BBC15BD261E896 |
SHA-256 | 7EC22ABB32BCE19341B777E5F41E44A272E5DA4F212C31BAB175845A6DE21273 |
Key | Value |
---|---|
MD5 | 210F4B4EFEA0A524B8BBFABFC615FD58 |
PackageArch | noarch |
PackageDescription | Port Scan Attack Detector (psad) is a lightweight system daemon written in Perl designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending ip addresses via dynamic configuration of iptables rulesets, and passive operating system fingerprinting. In addition, psad incorporates many of the tcp, udp, and icmp signatures included in the snort intrusion detection system (https://www.snort.org) to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, xmas) which are easily leveraged against a machine via nmap. psad can also alert on snort signatures that are logged via fwsnort (https://www.cipherdyne.org/fwsnort/), which makes use of the iptables string match module to detect application layer signatures. |
PackageMaintainer | Fedora Project |
PackageName | psad |
PackageRelease | 8.fc34 |
PackageVersion | 2.4.6 |
SHA-1 | 17783DF975B2FA4FE7460AE895D7B9543EFC1411 |
SHA-256 | C341E172679D357503FED7356F6FA03AC9DE0689751CC4DE0BCE96DB666E3302 |
Key | Value |
---|---|
MD5 | A8FAB92468770B95A7E9F25F1D2B5645 |
PackageArch | noarch |
PackageDescription | fwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applicable to the specific iptables policy. fwsnort is able to translate approximately 60% of all rules from the Snort-2.3.3 IDS into equivalent iptables rules. |
PackageMaintainer | Fedora Project |
PackageName | fwsnort |
PackageRelease | 1.fc21 |
PackageVersion | 1.6.5 |
SHA-1 | 19259F08EAB99CEB7A7E9256A3C219354A480E39 |
SHA-256 | 3C699AA5A741F09E189D801B899EEA283F1F3317B48A264F1575C23C1C421419 |
Key | Value |
---|---|
MD5 | 93A1DD0EC23E4860FB0DEA6C1C51FE69 |
PackageArch | noarch |
PackageDescription | fwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. In addition, fwsnort (optionally) uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applicable to the specific iptables policy. fwsnort is able to translate approximately 60% of all rules from the Snort-2.3.3 IDS into equivalent iptables rules. |
PackageMaintainer | Fedora Project |
PackageName | fwsnort |
PackageRelease | 20.fc34 |
PackageVersion | 1.6.5 |
SHA-1 | 1E40A54AF53DC736D2AE2D4C1ADE711EB9ADAA1B |
SHA-256 | 0A73150BC8651317796E39B93A4C0F9C49AE41B50202709245FE3C350228B09E |