

The Port Scan Attack Detector - pavs
http://www.linuxhaxor.net/2008/02/07/the-port-scan-attack-detector/
PSAD is a collection of four lightweight system daemons written in Perl and in C that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options (Linux 2.4.x kernels only), reverse DNS info, email alerting, and automatic blocking of offending ip addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the tcp signatures included in Snort to detect highly suspect scans.
======
jmorin007
Since when has port scanning been considered an attack?

~~~
dazzawazza
While it could be considered bad form to do a port scan it's far from an
attack.

~~~
pavs
The name of the script is PSAD (Port Scan Attack Detector).

Is a portscan of a machine malicious/illegal/unfriendly?
[http://faqs.org/faqs/computer-security/most-common-
qs/sectio...](http://faqs.org/faqs/computer-security/most-common-
qs/section-21.html)

