On Jul 23, 2009, dtakem...@thdfsg.com wrote:
> Hi,
>
> On certain Linux boxes, I have iptables set up to block and/or log outgoing
> connections, (as these boxes should never ever have a direct connection
> to the internet) so a PSAD alert can warn me of a potential security breach
> or misconfigured program.
>
> In these cases however, the PSAD alert email includes a whois report on the
> source of the packets - which is a private IP. What I'm more interested in
> is a whois on the _target_ of the packets.
>
> How can I configure psad alerts to include the target whois instead?

Hi, I know this is responding to a very old email, but I wanted to let you
know that the psad-2.1.7 release tries to be smart about which IP (src vs.
dst) it issues the whois lookup against. I believe that it probably offers
the feature you hinted at above, but please let me know if not.

Thanks,

--Mike

> Dean Takemori
> Systems Support Supervisor
> TD Food Group
> dtakem...@thdfsg.com
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
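
The source-versus-destination choice discussed in this thread, sketched as an added example that is not psad's code and not part of either message. It assumes iptables LOG lines carrying `SRC=` and `DST=` fields, a hypothetical helper `whois_target()`, and a definition of "local" as RFC 1918, loopback and link-local space; the sample log lines are constructed.

```python
import ipaddress
import re

# Assumption: addresses in these ranges are "local" and not worth a whois lookup.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

FIELD_RE = re.compile(r"\b(SRC|DST)=(\S+)")

def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)

def whois_target(log_line):
    """Return (role, ip) for the address worth a whois lookup, or None."""
    fields = {}
    for key, value in FIELD_RE.findall(log_line):
        # Keep the first SRC/DST pair; ICMP errors embed a second one in [...].
        fields.setdefault(key, value)
    try:
        src = ipaddress.ip_address(fields["SRC"])
        dst = ipaddress.ip_address(fields["DST"])
    except (KeyError, ValueError):
        return None  # line is missing a field or holds a malformed address
    if not is_local(src):
        return ("src", str(src))   # inbound traffic: look up the remote sender
    if not is_local(dst):
        return ("dst", str(dst))   # outbound from a local box: look up the target
    return None                    # local-to-local traffic, whois adds nothing

# Constructed sample lines (hypothetical log prefix and addresses).
OUTBOUND = ("Jul 23 10:01:02 host kernel: OUT-DROP IN= OUT=eth0 "
            "SRC=192.168.10.5 DST=203.0.113.45 LEN=60 PROTO=TCP SPT=40000 DPT=443")
INBOUND = ("Jul 23 10:01:09 host kernel: IN-DROP IN=eth0 OUT= "
           "SRC=198.51.100.23 DST=192.168.10.5 LEN=60 PROTO=TCP SPT=51000 DPT=22")
INTERNAL = ("Jul 23 10:02:00 host kernel: OUT-DROP IN= OUT=eth0 "
            "SRC=192.168.10.5 DST=10.0.0.9 LEN=60 PROTO=UDP SPT=5353 DPT=53")

if __name__ == "__main__":
    for line in (OUTBOUND, INBOUND, INTERNAL):
        print(whois_target(line))
```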