On Jul 23, 2009, dtakem...@thdfsg.com wrote:

> Hi,

Hello -

> On certain linux boxes, I have iptables set up to block and/or log outgoing
> connections (as these boxes should never ever have a direct connection
> to the internet), so a PSAD alert can warn me of a potential security
> breach or misconfigured program.
>
> In these cases however, the PSAD alert email includes a whois report on
> the source of the packets - which is a private IP.  What I'm more interested
> in is a whois on the _target_ of the packets.
> 
> How can I configure psad alerts to include the target whois instead?

Ah, that is an interesting idea.  psad does not currently support this,
but I will add it in the next release.

Thanks,

-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint: E2EF 0C8A 5AA9 654C 4763  B50F 37AC E946 7F51 8271

> 
> 
> 
> Dean Takemori
> Systems Support Supervisor
> TD Food Group
> dtakem...@thdfsg.com
> ------------------------------------------------------------------------------

> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
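
An added example, not part of the original thread and not psad code: until psad supports this, the lookup target can be chosen from the iptables LOG line itself, taking DST when SRC is internal and DST is not. The log lines, the OUTBOUND/INBOUND prefixes and the INTERNAL_NETS list are constructed assumptions.

```python
import ipaddress
import re

# Assumption: "internal" means RFC 1918, loopback or link-local IPv4 space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed lines in iptables LOG format; addresses are documentation ranges.
SAMPLE_LOG = [
    "Jul 23 10:15:01 box kernel: OUTBOUND IN= OUT=eth0 SRC=192.168.10.5 "
    "DST=203.0.113.77 LEN=60 TTL=64 ID=4242 DF PROTO=TCP SPT=51234 DPT=6667 SYN",
    "Jul 23 10:15:09 box kernel: INBOUND IN=eth0 OUT= SRC=198.51.100.9 "
    "DST=192.168.10.5 LEN=60 TTL=52 ID=977 DF PROTO=TCP SPT=40000 DPT=22 SYN",
    "Jul 23 10:16:30 box kernel: OUTBOUND IN= OUT=eth1 SRC=192.168.10.5 "
    "DST=10.0.0.8 LEN=60 TTL=64 ID=4250 DF PROTO=TCP SPT=51300 DPT=445 SYN",
]

def parse_fields(line):
    """Return SRC/DST/PROTO/SPT/DPT, keeping the first occurrence of each
    (ICMP error lines repeat SRC/DST for the embedded packet in brackets)."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)
    return fields

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)

def whois_target(line):
    """Address worth a whois lookup, or None if both ends are internal."""
    fields = parse_fields(line)
    try:
        src_int = is_internal(fields["SRC"])
        dst_int = is_internal(fields["DST"])
    except (KeyError, ValueError):
        return None
    if src_int and not dst_int:
        return fields["DST"]      # outbound from an internal host
    return None if src_int else fields["SRC"]

def summarize(lines):
    """Map each lookup target to the sorted destination ports seen for it."""
    targets = {}
    for line in lines:
        addr = whois_target(line)
        if addr:
            targets.setdefault(addr, set()).add(parse_fields(line).get("DPT", "-"))
    return {addr: sorted(ports) for addr, ports in targets.items()}
```

Each key of `summarize(SAMPLE_LOG)` can be handed to a `whois` client; the line with two internal endpoints yields no lookup.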

