Port Scan Attack Detector 2.1.2 (Default branch)
The Port Scan Attack Detector (psad) is a
collection of three system daemons that are
designed to work with the Linux iptables
firewalling code to detect port scans and other
suspect traffic. It features a set of highly
configurable danger thresholds (with sensible
defaults), verbose alert messages, email alerting,
DShield reporting, and automatic blocking of
offending IP addresses. Psad incorporates many of
the packet signatures included in Snort to detect
various kinds of suspicious scans, and implements
the same passive OS fingerprinting algorithm used
by p0f.
License: GNU General Public License (GPL)
Changes:
A bug was fixed so that kernel timestamps are not
included in iptables log prefixes that contain
spaces like "[ 65.026008] DROP". Non-resolved IP
addresses are now skipped. p0f output in --debug
mode was improved to display when a passive OS
fingerprint cannot be calculated based on iptables
log messages that include TCP options (i.e. with
--log-tcp-options when building a LOG rule on the
iptables command line).
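
The log-prefix fix described above, as an added example that is not psad's own code: a Python parser that extracts the iptables log prefix from a syslog line whether or not the kernel prepends a printk timestamp, and records whether TCP options were logged. The sample lines, the function name and the field names are constructed for illustration.

```python
import re

# Constructed sample syslog lines (documentation addresses, not real traffic).
SAMPLE_LINES = [
    "Mar  3 10:15:01 fw kernel: [   65.026008] DROP IN=eth0 OUT= "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=40000 "
    "DPT=22 WINDOW=5840 SYN URGP=0 OPT (020405B4)",
    "Mar  3 10:15:02 fw kernel: DROP SSH IN=eth0 OUT= "
    "SRC=192.0.2.11 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=40001 "
    "DPT=22 WINDOW=5840 SYN URGP=0",
    "Mar  3 10:15:03 fw kernel: [   66.000001] eth0: link is up",
]

# printk timestamp such as "[   65.026008]"; the padding inside the brackets
# is what makes a naive whitespace split treat it as part of the prefix.
KERNEL_TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")
# Everything between "kernel:" and the first "IN=" is timestamp plus prefix.
IPT_MSG = re.compile(
    r"kernel:\s+(?P<head>.*?)\s*IN=\S*\s+OUT=\S*\s.*?"
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
)
# Present only when the LOG rule was built with --log-tcp-options.
TCP_OPTS = re.compile(r"\bOPT \((?P<opts>[0-9A-Fa-f]+)\)")


def parse_iptables_line(line):
    """Return prefix/src/dst/tcp_opts for an iptables LOG line, else None."""
    m = IPT_MSG.search(line)
    if m is None:
        return None  # kernel message that is not an iptables LOG entry
    # Drop the kernel timestamp so only the rule's own --log-prefix remains.
    prefix = KERNEL_TS.sub("", m.group("head")).strip()
    opts = TCP_OPTS.search(line)
    return {
        "prefix": prefix,
        "src": m.group("src"),
        "dst": m.group("dst"),
        "tcp_opts": opts.group("opts") if opts else None,
    }


if __name__ == "__main__":
    for entry in SAMPLE_LINES:
        print(parse_iptables_line(entry))
```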