On Thu, 4 Jan 2001, bacano wrote:
Pakemon http://www.inas.mag.keio.ac.jp/ids/pakemon/index.html
Abacus Project http://www.psionic.com/abacus/
eye on exec http://www.cs.uni-potsdam.de/homepages/students/linuxer/ok.html

Eh, wow, ... I forgot. Yes, that's a good idea, coz it's from me :>
Next holiday I hopefully find time to port it to some other BSDs. Also, extension of the weak-path concept would be cool. I'd appreciate help from experienced programmers who could write a detection-script on top of this driver.

bye, Sebastian

AAFID http://www.cerias.purdue.edu/projects/aafid/
goodies for/and snort http://www.whitehats.com/ids/index.html

[ ]'s bacano

----- Original Message -----
From: "Thomas Biege"
To: "Stefan Hoffmeister"
Cc:
Sent: Thursday, January 04, 2001 11:48 AM
Subject: Re: [suse-security] Intrusion detection?

On Thu, 4 Jan 2001, Stefan Hoffmeister wrote:
Hi,
what are the recommended tools to add to a (dial-up) NAT gateway to detect attacks on that gateway?
I am not (yet :->) looking for tools how to detect things after the deed is done, but for some kind of an early warning system (and I am not particularly interested in reading the raw logs emitted by ipchains).
lists a couple of things, but this seems to be just an *unreviewed* long list of tools, with rather unknown quality.

try snort (www.snort.org) or packemon (???) for network-based attacks. they are easy to fool, but they are available for free. :-\
all open source host-based IDS, that I know, suck.

Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com