Advanced Psad Topics From Signature Matching To Os Fingerprinting

So far we've seen that psad analyzes ip tables log messages in order to detect port scans. In this chapter we will extend the theme of attack detection much further; certain attacks that match signatures in the Snort signature set can be detected, and remote operating systems can be fingerprinted in some cases. We will also show how to extract verbose status information from psad, and we'll introduce the DShield reporting capability.

Was this article helpful?

0 0

Post a comment