Intrusion Detection Systems
Hello,

I am looking to find a decent Intrusion Detection System along the lines of Snort. I have tried getting Snort and SnortSnarf to work, but it appears Snort logs things kind of backwards (counts my nslookups as DoS attacks on the name server, yet won't log a thing when I portscan or send large pings to my computer from a remote machine).

I have seen a few scripts that do things I would like, but all the features are spread out over many different programs. I would love something along the lines that I would be informed if someone is attempting common exploits (BIND, Telnet, etc...) and have that e-mailed. Informed of DoS attacks hitting my server by e-mail, and possibly inform the Administrator of the attacking IPs. Notified via e-mail of port scans.

All I could find would be I would have to run Snort, Portsentry and FW-1 by Lance Spitzner, which I am sure will cause quite a few problems running multiple IDS programs.

Any suggestions on a great IDS would be appreciated!

Thank you,

Robert K. Davies
Textbox Networks Administration
http://www.textbox.net
irc.textbox.net (6667 Regular Client, 7001/2 SSL Client)

**********************************************************************
This post is encrypted in the "english language method", any attempt to decipher meaning from these symbols is a violation of the DMCA. This includes, but is not limited to: interpreting the symbols through use of biological, visual decryption devices, translating the symbols into another language encryption scheme, and digital processing the symbols into a form conducive to oral interpretation. Thank you for your time.
**********************************************************************
Hello.

I have also been toying with the idea of setting up an IDS here, and found this one to be interesting:

http://www.nswc.navy.mil/ISSEC/CID/

In conjunction with an IDS, this struck me as a very interesting tool if you own a block of IPs but aren't using them all. It doesn't seem much use if you are masq-ing behind a solitary real IP, however.

http://www.threenorth.com/LaBrea/

Bye for now,
Stuart.

-----Original Message-----
From: Phantasm [mailto:phantasm@textbox.net]
Sent: 02 January 2002 06:35
To: suse-linux-e@suse.com
Subject: [SLE] Intrusion Detection Systems

-----BEGIN PGP SIGNED MESSAGE-----

Hello,

I am looking to find a decent Intrusion Detection System along the lines of Snort.

--snip--
participants (2): Phantasm, Stuart Powell