Hi,

On Mon, Feb 01, 2010 at 01:08:41AM +0000, Justin B Rye wrote:
> PSAD's package description could do with some attention.

I agree :)

[...]
> > HomePage: http://www.cipherdyne.org/psad/
> 
> (That camelcase is unconventional, but should be harmless.  So I
> don't know why psad's PTS page doesn't show a link...)

Good catch. I have not even noticed the homepage missing :(

> > Package: psad
> > Architecture: any         
> 
> (Does the dependency on iptables save it from needing to specify
> "except the kfreebsd-* release arches"?)

You are right I have to do something for that for Fwknop as well.

> Discard all this; instead I've taken some text from the upstream
> website.  My patch has this instead:
> 
>  Description: Port Scan Attack Detector
>   PSAD is a collection of four lightweight system daemons (in Perl and
>   C) designed to work with iptables to detect port scans. It features:
>    * a set of highly configurable danger thresholds (with sensible
>      defaults provided);
>    * verbose alert messages that include the source, destination,
>      scanned port range, beginning and end times, TCP flags, and
>      corresponding Nmap options;
>    * reverse DNS information;
>    * alerts via email;
>    * automatic blocking of offending IP addresses via dynamic firewall
>      configuration.
>   .
>   When combined with fwsnort and the Netfilter string match extension,
>   PSAD is capable of detecting many attacks described in the Snort rule
>   set that involve application layer data.

I like it. I will forward the description to upstream since most of it comes
from its README file. 

Thanks.

-- 
Franck Joncourt

Attachment: signature.asc
Description: Digital signature

Reply via email to