Port Scan Attack Detector 2.0.8 (Default branch)

The Port Scan Attack Detector (psad) is a
collection of three system daemons that are
designed to work with the Linux iptables
firewalling code to detect port scans and other
suspect traffic. It features a set of highly
configurable danger thresholds (with sensible
defaults), verbose alert messages, email alerting,
DShield reporting, and automatic blocking of
offending IP addresses. Psad incorporates many of
the packet signatures included in Snort to detect
various kinds of suspicious scans, and implements
the same passive OS fingerprinting algorithm used
by p0f.
License: GNU General Public License (GPL)
Changes:
A --gnuplot mode was added so that psad can output data that is suitable for plotting with gnuplot. The ability to negate match conditions on fields specified with the --CSV-fields argument was added. The Storable-2.16 module was added along with the --use-store-file argument so that in --gnuplot mode the Gnuplot data can be stored on disk and retrieved quickly. --analysis-fields was added so the iptables log messages that are parsed in -A mode can be restricted to those that meet certain criteria.