On Thu, 4 Jan 2001, Stefan Hoffmeister wrote:
Hi,
what are the recommended tools to add to a (dial-up) NAT gateway to detect attacks on that gateway?
I am not (yet :->) looking for tools to detect things after the deed is done, but for some kind of an early warning system (and I am not particularly interested in reading the raw logs emitted by ipchains).
lists a couple of things, but this seems to be just an *unreviewed* long list of tools, with rather unknown quality.
TIA Stefan
hi,
At first I'd recommend letting the firewall log bogus packets. Maybe you also want to install an IDS which reports scans, overflow attempts etc. in a more human-readable form. On www.snort.org there is a free one available. But don't trust it when it says nothing. During analysis of such systems in-lab we realized that some of them can be bypassed. Thus, don't run an IDS alone. Always run a firewall and enable ip_always_defrag in the kernel :)
bye,
Sebastian