cipherdyne.org

Michael Rash, Security Researcher



psad --Status output

# psad --Status
[+] psadwatchd (pid: 8428) %CPU: 0.0 %MEM: 0.0
Running since: Sun Oct 24 19:02:10 2004

[+] kmsgsd (pid: 8426) %CPU: 0.0 %MEM: 0.0
Running since: Sun Oct 24 19:02:10 2004

[+] psad (pid: 8420) %CPU: 0.0 %MEM: 0.9
Running since: Sun Oct 24 19:02:10 2004
Command line arguments: [none specified]
Alert email address(es): mbr@cipherdyne.org

src:             dst:           chain:  tcp:  udp:  icmp:  dl:  alerts:  os_guess:
144.202.242.xxx  68.49.82.xxx   INPUT   1     0     2      2    3        -
192.168.10.xxx   192.168.10.1   INPUT   3     0     0      2    4        -
192.168.10.xxx   192.168.10.1   INPUT   3     0     0      2    4        Linux:2.6
218.83.153.xxx   68.49.82.xxx   INPUT   0     22    0      2    10       -
68.149.206.xxx   68.49.82.xxx   INPUT   9     0     0      1    3        Windows:2000
68.206.113.xxx   68.49.82.xxx   INPUT   10    0     0      1    3        -
68.43.62.xxx     68.49.82.xxx   INPUT   8     0     0      1    3        -
68.48.238.xxx    68.49.82.xxx   INPUT   15    0     0      2    12       -
68.49.160.xxx    68.49.82.xxx   INPUT   36    0     0      2    7        -
68.49.209.xxx    68.49.82.xxx   INPUT   24    0     0      2    9        -
68.49.64.xxx     68.49.82.xxx   INPUT   6     0     0      1    2        -
68.49.70.xxx     68.49.82.xxx   INPUT   12    0     0      1    3        @Windows:2000
68.59.178.xxx    68.49.82.xxx   INPUT   12    0     0      1    3        -
68.74.158.xxx    68.49.82.xxx   INPUT   12    0     0      1    3        -
81.203.202.xxx   68.49.82.xxx   INPUT   1     0     0      2    2        -

DShield stats:
total emails: 4
total packets: 294

Iptables prefix counters:
"SID368": 1
"SID366": 1
"DROP": 440

Total scan sources: 15
Total scan destinations: 2

Total packet counters:
tcp: 248
udp: 146
icmp: 2