Detecting port scan attacks.
by The Uni-Hacker on Aug.22, 2008, under Security
Detect those annoying port scanning kiddies with psad, a port scan detecting app that not only works, but is GPL licensed. The software comes with email alerts, automatic IP blocking and threshold settings, allowing the detector to be fully customizable, plus it's open source.
The Port Scan Attack Detector (psad) is a collection of three system daemons that are designed to work with the Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults), verbose alert messages, email alerting, DShield reporting, and automatic blocking of offending IP addresses. Psad incorporates many of the packet signatures included in Snort to detect various kinds of suspicious scans, and implements the same passive OS fingerprinting algorithm used by p0f.
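The threshold idea described above, as an added Python example (not psad's own code): it parses iptables LOG lines, counts distinct destination ports per source address, and maps that count to a danger level. The threshold values, function names and sample log lines are constructed for illustration and are not psad's defaults.

```python
import re
from collections import defaultdict

# Constructed thresholds (minimum distinct destination ports, danger level).
# Illustrative values only, not psad's shipped defaults.
THRESHOLDS = [(3, 1), (6, 2), (10, 3)]

# KEY=value fields of an iptables LOG-target line that the detector needs.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def _line(src, dpt):
    """Build one constructed log line (documentation address ranges)."""
    return (f"Aug 22 10:00:00 fw kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT={dpt} SYN URGP=0")

SAMPLE_LOG = (
    [_line("198.51.100.7", p) for p in (21, 22, 23, 25, 80, 110, 143, 443, 3306, 8080)]
    + [_line("203.0.113.5", 22)] * 4                 # repeated hits on one port
    + ["Aug 22 10:00:01 fw kernel: eth0: link up"]   # unrelated kernel message
)

def parse_line(line):
    """Return (src, proto, dport), or None if the line is not a usable packet log."""
    fields = dict(FIELD_RE.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= fields.keys() or not fields["DPT"].isdigit():
        return None
    return fields["SRC"], fields["PROTO"], int(fields["DPT"])

def danger_level(n_ports):
    """Highest level whose minimum port count is reached; 0 means below all thresholds."""
    return max((lvl for minimum, lvl in THRESHOLDS if n_ports >= minimum), default=0)

def detect_scans(lines):
    """Map each source address that crosses a threshold to its danger level."""
    ports = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            src, proto, dport = parsed
            ports[src].add((proto, dport))
    levels = {src: danger_level(len(seen)) for src, seen in ports.items()}
    return {src: lvl for src, lvl in levels.items() if lvl > 0}

def block_candidates(lines, min_level=2):
    """Sources at or above min_level, i.e. those an auto-block policy would act on."""
    return sorted(src for src, lvl in detect_scans(lines).items() if lvl >= min_level)

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG), block_candidates(SAMPLE_LOG))
```

Counting distinct ports rather than raw packets keeps a host that retries a single service, such as 203.0.113.5 in the sample, from being flagged as a scanner.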