On Jul 23, 2009, dtakem...@thdfsg.com wrote:

> Hi,
>
> On certain Linux boxes, I have iptables set up to block and/or log outgoing
> connections (as these boxes should never ever have a direct connection
> to the internet), so a PSAD alert can warn me of a potential security
> breach or misconfigured program.
>
> In these cases however, the PSAD alert email includes a whois report on
> the source of the packets - which is a private IP.  What I'm more interested
> in is a whois on the _target_ of the packets.
>
> How can I configure psad alerts to include the target whois instead?

Hi,

I know this is responding to a very old email, but I wanted to let you know
that the psad-2.1.7 release tries to be smart about which IP (src vs. dst)
it issues the whois lookup against.  I believe that it probably offers the
feature you hinted at above, but please let me know if not.

Thanks,

--Mike


> Dean Takemori
> Systems Support Supervisor
> TD Food Group
> dtakem...@thdfsg.com

> ------------------------------------------------------------------------------

> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
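
The src-vs-dst choice discussed in this thread, as an added example that is not part of the original messages and is not psad's own code: it picks the address worth a whois lookup from an iptables LOG line. Treating RFC 1918 and loopback addresses as "internal" is an assumption of this sketch, and the log lines are constructed samples.

```python
import ipaddress
import re

# Assumption: "internal" means RFC 1918 space or loopback.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD_RE = re.compile(r"\b(SRC|DST)=(\S+)")

# Constructed sample iptables LOG lines (not taken from the thread).
SAMPLE_LOGS = [
    "Jul 23 10:01:02 box kernel: OUT DROP IN= OUT=eth0 SRC=192.168.10.5 DST=203.0.113.40 PROTO=TCP SPT=51514 DPT=443",
    "Jul 23 10:02:17 box kernel: IN DROP IN=eth0 OUT= SRC=198.51.100.77 DST=192.168.10.5 PROTO=TCP SPT=40000 DPT=22",
    "Jul 23 10:03:30 box kernel: OUT DROP IN= OUT=eth1 SRC=10.0.0.4 DST=10.0.0.9 PROTO=UDP SPT=5353 DPT=5353",
    "Jul 23 10:04:00 box kernel: truncated entry DST=203.0.113.40",
]

def is_internal(ip):
    return ip.is_loopback or any(ip in net for net in RFC1918)

def parse_endpoints(line):
    """Return (src, dst) address objects, or None if the line is unusable."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return (ipaddress.ip_address(fields["SRC"]),
                ipaddress.ip_address(fields["DST"]))
    except (KeyError, ValueError):
        return None  # missing field or unparsable address

def whois_target(line):
    """Pick the address a whois lookup would say something useful about."""
    endpoints = parse_endpoints(line)
    if endpoints is None:
        return None
    src, dst = endpoints
    if is_internal(src) and not is_internal(dst):
        return str(dst)   # blocked outbound connection: look up the target
    if not is_internal(src):
        return str(src)   # inbound traffic: look up the external source
    return None           # both ends internal: whois has nothing to add

if __name__ == "__main__":
    for entry in SAMPLE_LOGS:
        print(whois_target(entry), "<-", entry[:60])
```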

