Mailinglist Archive: opensuse-security (564 mails)

Re: [suse-security] Intrusion detection?
  • From: Sebastian Krahmer <krahmer@xxxxxxx>
  • Date: Fri, 5 Jan 2001 15:34:39 +0100 (CET)
  • Message-id: <Pine.LNX.4.21.0101051531590.9233-100000@xxxxxxxxxxxxxx>
On Thu, 4 Jan 2001, Stefan Hoffmeister wrote:

>
> Hi,
>
> what are the recommended tools to add to a (dial-up) NAT gateway to detect
> attacks on that gateway?
>
> I am not (yet :->) looking for tools to detect things after the deed
> is done, but for some kind of an early warning system (and I am not
> particularly interested in reading the raw logs emitted by ipchains).
>
> http://www.securityfocus.com/
>
> lists a couple of things, but this seems to be just an *unreviewed* long
> list of tools, with rather unknown quality.
>
> TIA
> Stefan
hi,

First, I'd recommend letting the firewall log bogus packets.
Maybe you also want to install an IDS which reports scans,
overflow attempts etc. in a more human-readable form.
On www.snort.org there is a free one available. But don't trust
it when it says nothing. During analysis of such systems
in-lab we realized that some of them can be bypassed.
Thus, don't run an IDS alone. Always run a firewall and enable
ip_always_defrag in the kernel :)

bye,
Sebastian
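
As an added illustration (not part of the original mail or of any tool named in it), this sketch condenses the firewall's logged denials into a per-source summary, so the raw ipchains lines need not be read by hand. It assumes the "Packet log:" line layout that ipchains writes for rules with -l; the sample lines, addresses and the five-port threshold are constructed.

```python
import re
from collections import defaultdict

# Assumed layout of an ipchains -l log line:
# Packet log: <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=.. (#rule)
# For ICMP (PROTO=1) the two "port" fields carry type and code instead.
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
)

# Constructed sample syslog excerpt (documentation-range addresses, not real traffic).
SAMPLE = """\
Jan  5 15:01:02 gw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.7:40001 192.0.2.10:21 L=60 S=0x00 I=101 F=0x4000 T=52 SYN (#7)
Jan  5 15:01:02 gw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.7:40002 192.0.2.10:22 L=60 S=0x00 I=102 F=0x4000 T=52 SYN (#7)
Jan  5 15:01:03 gw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.7:40003 192.0.2.10:23 L=60 S=0x00 I=103 F=0x4000 T=52 SYN (#7)
Jan  5 15:01:03 gw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.7:40004 192.0.2.10:25 L=60 S=0x00 I=104 F=0x4000 T=52 SYN (#7)
Jan  5 15:01:04 gw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.7:40005 192.0.2.10:80 L=60 S=0x00 I=105 F=0x4000 T=52 SYN (#7)
Jan  5 15:02:10 gw pppd[412]: rcvd [LCP EchoRep id=0x4 magic=0x0]
Jan  5 15:03:30 gw kernel: Packet log: input DENY ppp0 PROTO=17 198.51.100.4:137 192.0.2.10:137 L=78 S=0x00 I=900 F=0x0000 T=110 (#9)
Jan  5 15:03:31 gw kernel: Packet log: input DENY ppp0 PROTO=17 198.51.100.4:137 192.0.2.10:137 L=78 S=0x00 I=901 F=0x0000 T=110 (#9)
Jan  5 15:04:00 gw kernel: Packet log: input ACCEPT ppp0 PROTO=6 192.0.2.200:80 192.0.2.10:1055 L=40 S=0x00 I=77 F=0x4000 T=60 (#3)
"""

def summarize(text, scan_ports=5):
    """Group denied packets by source address; a source that was refused on
    scan_ports or more distinct (protocol, port) pairs is marked as a likely scan."""
    ports = defaultdict(set)
    hits = defaultdict(int)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m or m["action"] not in ("DENY", "REJECT"):
            continue  # skip non-firewall lines and accepted packets
        hits[m["src"]] += 1
        ports[m["src"]].add((int(m["proto"]), int(m["dport"])))
    # Widest probes first, then by address for a stable order.
    order = sorted(hits, key=lambda s: (-len(ports[s]), s))
    return [{"src": s, "packets": hits[s], "distinct_ports": len(ports[s]),
             "scan": len(ports[s]) >= scan_ports} for s in order]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        flag = "POSSIBLE SCAN" if row["scan"] else "noise"
        print(f'{row["src"]:<15} {row["packets"]:>3} pkts {row["distinct_ports"]:>3} ports  {flag}')
```

A quiet summary only covers what the firewall logged and denied, so it complements the firewall and IDS recommended above rather than replacing either.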


