psad-2.1 release + book announcement

[Michael Rash <mbr@cipherdyne.org>]

Hi -

psad-2.1 has been released:

http://www.cipherdyne.org/psad/download/

This release finishes off the 2.0.x development series with a few bug
fixes and feature enhancements.  For example, one bug was fixed in how psad
handles the options portion of the TCP header; it was previously possible
to force psad into an infinite loop with a specially crafted set of options
(logged by iptables with the --log-tcp-options command line argument when
building a LOG rule).

Here is the complete ChangeLog:

http://trac.cipherdyne.org/trac/psad/browser/psad/tags/psad-2.1/ChangeLog

Also, I have finished writing the book "Linux Firewalls: Attack Detection
and Response" for No Starch Press.  It is available for a decent discount
off the Amazon.com price if you go through the No Starch site:

http://www.nostarch.com/frameset.php?startat=firewalls_mr

This book is as much about intrusion detection as it is about iptables,
and treats the two subjects in a unified fashion.  There are lot of
books out there about intrusion detection, and lots more about firewalls,
but none that I'm aware of that really concentrate on the combination of
the two technologies.  In this respect, it is my hope that this book is
unique.

There is also an online site for the book here:

http://www.cipherdyne.org/LinuxFirewalls/

For example, visualizations of iptables Honeynet log data can be viewed
(along with the parsed data sets produced by psad) here:

http://www.cipherdyne.org/LinuxFirewalls/ch14/

Thanks,

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F