On Oct 29, 2013, Muhammad Yousuf Khan wrote:
[cut]
> psad offers scan detection that is beyond what can be expressed within
> the signature set. The NULL scan detection message was generated from
> the non-signature portion of psad.
Actually I like the way it worked; it cleared up lots of my IDS/IPS concepts, so
I would like to read about it in more depth.
On Oct 28, 2013, Muhammad Yousuf Khan wrote:
I am using nmap for scanning NULL and XMAS.
Here is the log:
XMAS log:
src: 10.x.x.17 signature match: "SCAN nmap XMAS" (sid: 1228) tcp port: 765
Oct 28 21:03:38 firewall psad: scan detected: 10.x.x.17 -> 10.x.x.22 tcp: [1-65389] flags: URG PSH FIN tcp pkts: 2000 DL: 5
Null Scan log:
psad: sca
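
Added example, not part of the original thread and not psad's own code: a parser for the "scan detected" message quoted above that labels the scan type from the logged TCP flags and tolerates mail-wrapped lines. The second sample line is constructed, and the NULL/NONE tokens for an empty flag set are an assumption.

```python
import re

# Layout of the "scan detected" syslog message as quoted in the thread (TCP only).
SCAN_RE = re.compile(
    r"psad: scan detected: (?P<src>\S+) -> (?P<dst>\S+) tcp: "
    r"\[(?P<ports>[^\]]+)\] flags: (?P<flags>[A-Z ]+?) "
    r"tcp pkts: (?P<pkts>\d+) DL: (?P<dl>\d+)"
)
XMAS = frozenset({"FIN", "PSH", "URG"})
# Assumption: an empty flag set is logged as the token NULL or NONE.
NO_FLAGS = frozenset({"NULL", "NONE"})

def classify(flags):
    """Name the scan type implied by the TCP flags seen in the probes."""
    real = frozenset(flags) - NO_FLAGS
    if not real:
        return "NULL"
    if real == XMAS:
        return "XMAS"
    if real == {"FIN"}:
        return "FIN"
    return "OTHER"

def parse_scans(text):
    """Return one record per scan message, tolerating mail-wrapped lines."""
    flat = " ".join(text.split())  # undo line wrapping added by mail clients
    out = []
    for m in SCAN_RE.finditer(flat):
        out.append({
            "src": m["src"], "dst": m["dst"], "ports": m["ports"],
            "pkts": int(m["pkts"]), "danger_level": int(m["dl"]),
            "scan_type": classify(m["flags"].split()),
        })
    return out

# First message: the thread's XMAS line, wrapped the way the mail wrapped it.
# Second message: constructed for illustration (RFC 5737 addresses).
SAMPLE = """\
Oct 28 21:03:38 firewall
psad: scan detected: 10.x.x.17 -> 10.x.x.22 tcp: [1-65389] flags: URG PSH
FIN tcp pkts: 2000 DL: 5
Oct 28 21:09:02 firewall psad: scan detected: 192.0.2.17 -> 192.0.2.22 tcp: [1-1024] flags: NULL tcp pkts: 1000 DL: 4
"""

if __name__ == "__main__":
    for rec in parse_scans(SAMPLE):
        print(rec)
```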