-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 4 Jan 2001 13:00:08 -0500
Source: scandetd
Binary: scandetd
Architecture: source i386
Version: 1.1.4-beta7-1
Distribution: unstable
Urgency: low
Maintainer: Bradley Alexander <storm@debian.org>
Changed-By: Bradley Alexander <storm@debian.org>
Description:
 scandetd - Portscan detector for Linux.
Changes:
 scandetd (1.1.4-beta7-1) unstable; urgency=low
 .
   * new format of HostLogIgnore (HostScanIgnore):
       source_IP:src_ports -> dest_IP:dst_ports
     for example:
       192.168.1.0/24:1024-65535 -> 192.168.1.1:1-1024,3306
 .
     Port specification allows the use of port ranges, i.e. 1-1024.
     If the destination part (the part after the "->" sign) is omitted
     then the expression describes source IP and source ports.
     I think that PortLogIgnore could be removed because it can be
     written in the new format, i.e.:
       PortLogIgnore 25,80
     is equal to:
       0/0 -> 0/0:25,80
     NO WHITESPACE IS ALLOWED IN THE PORT SPECIFICATION.
 .
   * added SyslogFacility which accepts all values described in
     openlog(3) (without LOG_ prefix)
   * added MailSubject with %p - protocol, %s - source IP,
     %d - dest IP (Closes #79811)
   * added FloodDetection (yes/no): whether connections to the same
     destination port should be skipped or not
   * added LogDetails (yes/no). If yes then logging is done in the
     following format: source_IP (src_port) -> dest_IP (dest_port)
   * '-s' command line option - don't start the daemon, just show
     the parsed config file
   * added LogOSFP (yes/no) for enabling logging of OS fingerprinting
     probes
   * added OSFPSendMail (yes/no). Email contains the guessed type of
     OS probe (currently 'nmap', 'queso' or 'unknown'), number of
     packets and TCP flags set in each packet
   * added log and mail limits. If a scan/flood/OSprobe was logged
     (or email was sent) and the host is still on the internal list
     then there will be no second warning
   * added tracking of destination IP. If a scan/flood was made to
     more than one IP then it will be noticed in log/email, i.e.:
     "Possible port scan from x.x.x.x to x.x.x.x (and others)"
   * drop privileges code was improved and RunAsGroup was removed.
     Daemon will run as RunAsUser with group set to the group to
     which 'RunAsUser' belongs
   * several bug fixes
Files:
 535b7f6fa917b5e03ba5aff4bf06d4fc 617 net optional scandetd_1.1.4-beta7-1.dsc
 cf3b58f266a6240d28b6461ec9ef7360 20597 net optional scandetd_1.1.4-beta7.orig.tar.gz
 b0c4242bb63ecc0d040b110f34c30b74 4177 net optional scandetd_1.1.4-beta7-1.diff.gz
 7df9c72ba39c77129e2b022689b6976a 16580 net optional scandetd_1.1.4-beta7-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6VMpec7LAGVRDTmURApfdAJkBGGj8ElPsrbWKBjEzhCbH+Yok3QCgohE0
bk/g6Ls81m6iS52AjVuWHgM=
=VTBN
-----END PGP SIGNATURE-----


Installed:
scandetd_1.1.4-beta7.orig.tar.gz
  to pool/main/s/scandetd/scandetd_1.1.4-beta7.orig.tar.gz
scandetd_1.1.4-beta7-1.diff.gz
  to pool/main/s/scandetd/scandetd_1.1.4-beta7-1.diff.gz
scandetd_1.1.4-beta7-1_i386.deb
  to pool/main/s/scandetd/scandetd_1.1.4-beta7-1_i386.deb
scandetd_1.1.4-beta7-1.dsc
  to pool/main/s/scandetd/scandetd_1.1.4-beta7-1.dsc
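
The HostLogIgnore rule format described in the changelog above can be parsed and evaluated as follows; this is an added example for illustration, not scandetd's own code, and all function names are hypothetical. It assumes that an omitted destination part means "any destination" and that a connection is ignored only when both the source and the destination side match.

```python
import ipaddress

ANY_PORTS = [(0, 65535)]
ANY_NET = ipaddress.ip_network("0.0.0.0/0")

def parse_ports(spec):
    """'1-1024,3306' -> [(1, 1024), (3306, 3306)]; whitespace is rejected."""
    if any(c.isspace() for c in spec):
        raise ValueError("no whitespace allowed in the port specification")
    ranges = []
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)      # single port: hi defaults to lo
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((lo, hi))
    return ranges

def parse_endpoint(text):
    """'192.168.1.0/24:1024-65535' -> (network, port ranges); ports optional."""
    addr, sep, ports = text.strip().partition(":")
    if addr == "0/0":                        # shorthand used in the changelog
        addr = "0.0.0.0/0"
    net = ipaddress.ip_network(addr, strict=False)
    return net, (parse_ports(ports) if sep else ANY_PORTS)

def parse_rule(line):
    """Split on '->'. Assumption: a missing destination matches anything."""
    src, sep, dst = line.partition("->")
    return parse_endpoint(src), (parse_endpoint(dst) if sep else (ANY_NET, ANY_PORTS))

def _hit(endpoint, ip, port):
    net, ranges = endpoint
    return ipaddress.ip_address(ip) in net and any(lo <= port <= hi for lo, hi in ranges)

def is_ignored(rule, src_ip, src_port, dst_ip, dst_port):
    """Assumption: a connection is ignored when both sides of the rule match."""
    src, dst = rule
    return _hit(src, src_ip, src_port) and _hit(dst, dst_ip, dst_port)

if __name__ == "__main__":
    # Rule text from the changelog; the connection tuples are constructed samples.
    rule = parse_rule("192.168.1.0/24:1024-65535 -> 192.168.1.1:1-1024,3306")
    print(is_ignored(rule, "192.168.1.7", 40000, "192.168.1.1", 3306))
    print(is_ignored(rule, "192.168.1.7", 40000, "192.168.1.1", 8080))
```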