Information:
The Port Scan Attack Detector (psad) is a Perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly-configurable danger thresholds with sensible
defaults, and verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), e-mail alerts, and automatic blocking of offending IP addresses. This is all done by way of dynamic configuration of ipchains/iptables firewall rulesets. For the 2.4.x kernels, psad incorporates many of the TCP signatures that are included in Snort to detect highly-suspect scans for various backdoor programs, DOS tools, and advanced port scans, which are easily leveraged against a machine by way of nmap.
