On Oct 28, 2013, Muhammad Yousuf Khan wrote:

> i am using nmap for scanning NULL and XMAS
> here is the log
> XMAS log:
>  src: 10.x.x.17 signature match: "SCAN nmap XMAS" (sid: 1228) tcp port: 765
> Oct 28 21:03:38 firewall
> psad: scan detected: 10.x.x.17 -> 10.x.x.22 tcp: [1-65389] flags: URG PSH
> FIN tcp pkts: 2000 DL: 5
> Null Scan log:
> psad: scan detected: 10.x.x.17 -> 10.x.x.22 tcp: [1-65389] flags: NULL tcp
> pkts: 1990 DL: 5

psad offers scan detection that is beyond what can be expressed within
the signature set.  The NULL scan detection message was generated from
the non-signature portion of psad.

> why Null scan didn't showed the signature against which this alert
> triggered.

Having said the above, there is also a NULL scan signature that appears
not to have fired, and I believe this is a minor bug that will be
corrected in the next version.



> Thanks,

Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
psad-discuss mailing list

Reply via email to