Installed scandetd 1.1.4-beta7-1 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 4 Jan 2001 13:00:08 -0500
Source: scandetd
Binary: scandetd
Architecture: source i386
Version: 1.1.4-beta7-1
Distribution: unstable
Urgency: low
Maintainer: Bradley Alexander <storm@debian.org>
Changed-By: Bradley Alexander <storm@debian.org>
Description:
scandetd - Portscan detector for Linux.
Changes:
scandetd (1.1.4-beta7-1) unstable; urgency=low
.
* new format of HostLogIgnore (HostScanIgnore):
source_IP:src_ports -> dest_IP:dst_ports
for example:
192.168.1.0/24:1024-65535 -> 192.168.1.1:1-1024,3306
.
Port specification allows to use port ranges, ie 1-1024
If destination part (this after "->" sign) is omitted then
expression describes source IP and source ports.
I think that PortLogIgnore could be removed because it can be written
in new format, ie:
PortLogIgnore 25,80
is equal to:
0/0 -> 0/0:25,80
NO WHITESPACE IS ALLOWED IN THE PORT SPECIFICATION.
.
* added SyslogFacility which accepts all values described in openlog(3)
(without LOG_ prefix)
* added MailSubject with %p - protocol,%s - source IP, %d - dest IP
(Closes #79811)
* added FloodDetection (yes/no) whether connections to the same
destination port should be skipped or not
* added LogDetails (yes/no). If yes then logging is done in following
format: source_IP (src_port) -> dest_IP (dest_port)
* '-s' command line option - don't start the daemon, just show parsed
config file
* added LogOSFP (yes/no) for enabling logging OS fingerprinting probes
* added OSFPSendMail (yes/no). Email contains guessed type of OS probe
(currently 'nmap', 'queso' or 'unknown'), number of packets and
TCP flags set in each packet
* added log and mail limits. If scan/flood/OSprobe was logged (or email
was sent) and host is still on internal list then there will be no
second warning
* added tracking of destination IP. If scan/flood were made to more than
one IP then it will be noticed in log/email, ie:
"Possible port scan from x.x.x.x to x.x.x.x (and others)"
* drop privileges code was improved and RunAsGroup was removed. Daemon
will run as RunAsUser with group set to group to which 'RunAsUser'
belongs
* several bug fixes
Files:
535b7f6fa917b5e03ba5aff4bf06d4fc 617 net optional scandetd_1.1.4-beta7-1.dsc
cf3b58f266a6240d28b6461ec9ef7360 20597 net optional scandetd_1.1.4-beta7.orig.tar.gz
b0c4242bb63ecc0d040b110f34c30b74 4177 net optional scandetd_1.1.4-beta7-1.diff.gz
7df9c72ba39c77129e2b022689b6976a 16580 net optional scandetd_1.1.4-beta7-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6VMpec7LAGVRDTmURApfdAJkBGGj8ElPsrbWKBjEzhCbH+Yok3QCgohE0
bk/g6Ls81m6iS52AjVuWHgM=
=VTBN
-----END PGP SIGNATURE-----
Installed:
scandetd_1.1.4-beta7.orig.tar.gz
to pool/main/s/scandetd/scandetd_1.1.4-beta7.orig.tar.gz
scandetd_1.1.4-beta7-1.diff.gz
to pool/main/s/scandetd/scandetd_1.1.4-beta7-1.diff.gz
scandetd_1.1.4-beta7-1_i386.deb
to pool/main/s/scandetd/scandetd_1.1.4-beta7-1_i386.deb
scandetd_1.1.4-beta7-1.dsc
to pool/main/s/scandetd/scandetd_1.1.4-beta7-1.dsc
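An added example, not code from scandetd or from this upload: a small Python parser and matcher for the HostLogIgnore rule format described in the changelog above, useful for checking exactly which traffic an ignore rule hides from the detector. The function names are hypothetical, and three behaviours are assumptions: an endpoint without a port list matches any port, a missing destination matches any destination, and short forms such as `0/0` are padded to `0.0.0.0/0`.

```python
import ipaddress

def parse_ports(spec):
    """Parse '1-1024,3306' into (lo, hi) ranges; None means any port (assumption)."""
    if spec is None:
        return None
    if any(c.isspace() for c in spec):
        raise ValueError("no whitespace is allowed in the port specification")
    ranges = []
    for part in spec.split(","):
        lo, dash, hi = part.partition("-")
        lo, hi = int(lo), int(hi if dash else lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    return ranges

def parse_endpoint(text):
    """Parse 'IP[/bits][:ports]' into (network, port ranges)."""
    addr, colon, ports = text.strip().partition(":")
    ip, _, bits = addr.partition("/")
    # Assumption: short forms such as '0/0' are padded to four octets.
    octets = ip.split(".")
    ip = ".".join(octets + ["0"] * (4 - len(octets)))
    net = ipaddress.ip_network(f"{ip}/{bits or 32}", strict=False)
    return net, parse_ports(ports if colon else None)

def parse_rule(line):
    """Parse 'source_IP:src_ports -> dest_IP:dst_ports' (destination optional)."""
    src, arrow, dst = line.partition("->")
    # Destination omitted: the rule constrains only source IP and source ports.
    return parse_endpoint(src), parse_endpoint(dst if arrow else "0/0")

def _hit(endpoint, ip, port):
    net, ranges = endpoint
    in_ports = ranges is None or any(lo <= port <= hi for lo, hi in ranges)
    return ipaddress.ip_address(ip) in net and in_ports

def is_ignored(rule, src_ip, src_port, dst_ip, dst_port):
    """True if the connection falls inside the rule, i.e. would not be logged."""
    source, dest = rule
    return _hit(source, src_ip, src_port) and _hit(dest, dst_ip, dst_port)

if __name__ == "__main__":
    # Rule text is the changelog's own example; the connections are constructed.
    rule = parse_rule("192.168.1.0/24:1024-65535 -> 192.168.1.1:1-1024,3306")
    for conn in [("192.168.1.77", 40000, "192.168.1.1", 3306),
                 ("192.168.1.77", 40000, "192.168.1.1", 8080),
                 ("10.0.0.5", 40000, "192.168.1.1", 22)]:
        print(conn, "ignored" if is_ignored(rule, *conn) else "logged")
```

Malformed rules, including whitespace inside a port list, raise `ValueError` rather than being read as a broader match.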