Michael Rash
All auto-blocking operations in psad should support ipset on Linux systems.
psad currently detects malicious traffic delivered via IPv6, but cannot block such traffic in auto-blocking mode. psad should be extended to use ip6tables to close this gap.
psad should integrate reputation feeds that contain IP only or IP+port matching criteria. There are good examples from the Emerging Threats community.
As reported to the psad mailing list, psad-2.1.7 on OpenSuSE 10.3 has the following issue: # /etc/init.d/psad start Starting psad: Undefined subroutine &main::LOG_DAEMON called at /usr/sbin/psad line 9443. There has...
psad has historically only supported iptables on Linux systems - add support for ipfw on FreeBSD and Mac OS X systems.
psad has historically handled only iptables on Linux. Update psad to handle the PF firewall on OpenBSD systems.
afl-fuzz argv written to fuzzer_stats might provide a nice way to validate the afl-cov --coverage-cmd, although env variables would likely be an issue.
Add a --last-cmd option to re-run afl-cov with the same command line args as the previous execution.
The plot_data file can be used by afl-cov to show what new code has been covered on a per-cycle basis.
Linux firewalling may move towards nftables, so this needs to be investigated for fwsnort compatibility.