On Oct 29, 2013, Muhammad Yousuf Khan wrote:
[cut]
psad offers scan detection that is beyond what can be expressed within
the signature set. The NULL scan detection message was generated from
the non-signature portion of psad.
Actually I like the way it worked, it cleared lots of my
I am using nmap for scanning NULL and XMAS.
Here is the log:
XMAS log:
src: 10.x.x.17 signature match: SCAN nmap XMAS (sid: 1228) tcp port: 765
Oct 28 21:03:38 firewall psad: scan detected: 10.x.x.17 - 10.x.x.22 tcp: [1-65389] flags: URG PSH FIN tcp pkts: 2000 DL: 5
Null Scan log:
psad: scan