Pakemon http://www.inas.mag.keio.ac.jp/ids/pakemon/index.html
Abacus Project http://www.psionic.com/abacus/
eye on exec http://www.cs.uni-potsdam.de/homepages/students/linuxer/ok.html
AAFID http://www.cerias.purdue.edu/projects/aafid/
goodies for/and snort http://www.whitehats.com/ids/index.html
[ ]'s bacano
----- Original Message -----
From: "Thomas Biege"
On Thu, 4 Jan 2001, Stefan Hoffmeister wrote:
Hi,
what are the recommended tools to add to a (dial-up) NAT gateway to
detect
attacks on that gateway?
I am not (yet :->) looking for tools how to detect things after the deed is done, but for some kind of an early warning system (and I am not particularly interested in reading the raw logs emitted by ipchains).
lists a couple of things, but this seems to be just an *unreviewed* long list of tools, with rather unknown quality.
try snort (www.snort.org) or packemon (???) for networkbased attacks. they are easy to fool, but they are available for free. :-\
all open source hostbased IDS, that I know, suck.
Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com