Port Scan Attack Detector 2.1.3 (Default branch)
The Port Scan Attack Detector (psad) is a
collection of three system daemons that are
designed to work with the Linux iptables
firewalling code to detect port scans and other
suspect traffic. It features a set of highly
configurable danger thresholds (with sensible
defaults), verbose alert messages, email alerting,
DShield reporting, and automatic blocking of
offending IP addresses. Psad incorporates many of
the packet signatures included in Snort to detect
various kinds of suspicious scans, and implements
the same passive OS fingerprinting algorithm used
by p0f.
License: GNU General Public License (GPL)
Changes:
This release enables IPT_SYSLOG_FILE by default.
This is a relatively important change, since it
switches the default method of acquiring iptables
log data from reading a named pipe fed by syslog
to simply parsing the /var/log/messages file.
The whois client has been updated to version
4.7.26, Bit::Vector to 6.4, and Date::Calc to 5.4.
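
To illustrate the file-parsing approach described above, here is an added example (not psad's own code) that picks iptables LOG entries out of a /var/log/messages excerpt and flags sources that probe many distinct ports. The threshold, function names and sample log lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict

PORT_THRESHOLD = 4  # assumed for this example; not a psad default

# Constructed /var/log/messages excerpt (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=21 SYN
Mar  3 10:15:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=22 SYN
Mar  3 10:15:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=23 SYN
Mar  3 10:15:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40004 DPT=25 SYN
Mar  3 10:15:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40005 DPT=22 SYN
Mar  3 10:15:04 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=60 PROTO=TCP SPT=51000 DPT=443 SYN
Mar  3 10:15:05 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=84 TTL=60 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:15:06 fw CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:15:07 fw logger: kernel: IN=eth0 SRC=198.51.100.20 PROTO=TCP DPT=1
"""

# /var/log/messages is shared with every other syslog client, so the "kernel:"
# tag must sit in the program field, not merely appear somewhere in the text.
HDR = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ kernel: (.*)$")
KV = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_iptables_line(line):
    """Return the KEY=value fields of an iptables LOG line, or None."""
    m = HDR.match(line)
    if m is None:
        return None
    fields = dict(KV.findall(m.group(1)))
    # Netfilter LOG entries for IP traffic carry IN=, SRC= and PROTO=.
    if not {"IN", "SRC", "PROTO"} <= fields.keys():
        return None
    return fields

def scanning_sources(log_text, threshold=PORT_THRESHOLD):
    """Map source IP -> sorted distinct (proto, port) pairs, for sources at or over threshold."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_iptables_line(line)
        if f is None or not f.get("DPT", "").isdigit():
            continue  # not an iptables entry, or a protocol without ports (ICMP)
        ports[f["SRC"]].add((f["PROTO"], int(f["DPT"])))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= threshold}
```

Counting distinct ports rather than packets keeps a repeated probe of one port (the second DPT=22 line) from inflating the score.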