[cut]
>psad offers scan detection that is beyond what can be expressed within
> the signature set. The NULL scan detection message was generated from
> the non-signature portion of psad.
>
>
actually i like the way it worked, it clear lots of my IDS/IPS concepts. so
i like to read it more in dept.
E.g like there is a signature file in psad directory. i saw the patterns of
signatures, how it detect the packet from the log. is there any file where
i can see those extra patterns for non signature detection.
> > why Null scan didn't showed the signature against which this alert
> > triggered.
>
> Having said the above, there is also a NULL scan signature that appears
> not to have fired, and I believe this is a minor bug that will be
> corrected in the next version.
>
yes, i observe that too, there was a Null signature which hasn't been
trigger. no problem i am fine as far as it is detecting, one way or another.
>
> Thanks,
>
> --Mike
>
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
