Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

psad-2.0.4 released

from [Michael Rash] Network Security [Permanent Link]
Subject: psad-2.0.4 released
Date: Sat, 27 Jan 2007 12:33:32 -0500 
Hi all -

psad-2.0.4 has been released.  Here is the complete change log:

- Added Snort rule matches to syslog alerts.  Multiple matches can
  be controlled with new configuration variables in psad.conf:
  ENABLE_SIG_MSG_SYSLOG, SIG_MSG_SYSLOG_THRESHOLD, and
  SIG_SID_SYSLOG_THRESHOLD.
- Bugfix to include scanned UDP port ranges in syslog alerts.
- Bugfix to parse SEQ and ACK iptables log message fields (requires
  --log-tcp-sequence on the iptables command line).  This allows the
  ipEye signature to work.
- Added --debug-sid to allow a specific Snort rule to be debugged
  while psad runs it through its detection engine.  A consequence of
  this is that the -d command line argument must be spelled out, i.e.
  "psad --debug".
- Bugfix to allow logging prefixes to omit trailing spaces.  This is
  a bug in the iptables logging format to allow this in the first place,
  but before this gets fixed psad needs to compensate.
- Bugfix for syslog-ng init script path in install.pl.
- Bugfix to include a "source" definition for /proc/kmsg if not already
  defined for syslog-ng daemons.
- Minor memory handling bugfixes discovered by the excellent Valgrind
  project: http://www.valgrind.org

Another interesting bit of news is that Tenable Network Security has
added support for importing psad syslog events into their products:

http://blog.tenablesecurity.com/2007/01/psad_rules_for_.html
http://www.cipherdyne.org/blog/2007/01/tenable-network-security-and-log-parser-for-psad-events.html

As usual, psad can be downloaded from:

http://www.cipherdyne.org/psad/download/

Also, I've updated cipherdyne.org to include blog style links (RSS and
Atom feeds are available too), so the complete psad-2.0.4 release
posting can be found here (includes few sample syslog signature matches
reported by psad):

http://www.cipherdyne.org/blog/2007/01/software-release-psad-2.0.4.html

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • psad-2.0.4 released, Michael Rash <=
Previous by Date:  Re: Current research on IDS, Raffael Marty
Next by Date:  [Full-disclosure] 2007 Security OPUS CFP: Closed (Agenda included), Sharkey
Previous by Thread:  Wireless Monitoring, Kevin Taylor
Next by Thread:  [Full-disclosure] 2007 Security OPUS CFP: Closed (Agenda included), Sharkey
Indexes:  [Date] [Thread] [Top] [All Lists]