On Oct 28, 2013, Muhammad Yousuf Khan wrote: > i am using nmap for scanning NULL and XMAS > > here is the log > > > XMAS log: > > src: 10.x.x.17 signature match: "SCAN nmap XMAS" (sid: 1228) tcp port: 765 > Oct 28 21:03:38 firewall > psad: scan detected: 10.x.x.17 -> 10.x.x.22 tcp: [1-65389] flags: URG PSH > FIN tcp pkts: 2000 DL: 5 > > > Null Scan log: > psad: scan detected: 10.x.x.17 -> 10.x.x.22 tcp: [1-65389] flags: NULL tcp > pkts: 1990 DL: 5
psad offers scan detection that is beyond what can be expressed within the signature set. The NULL scan detection message was generated from the non-signature portion of psad. > why Null scan didn't showed the signature against which this alert > triggered. Having said the above, there is also a NULL scan signature that appears not to have fired, and I believe this is a minor bug that will be corrected in the next version. Thanks, --Mike > Thanks, > > MYK ------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ psad-discuss mailing list psad-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/psad-discuss