On Thu, 4 Jan 2001, Stefan Hoffmeister wrote:
Hi,
what are the recommended tools to add to a (dial-up) NAT gateway to detect attacks on that gateway?
I am not (yet :->) looking for tools how to detect things after the deed is done, but for some kind of an early warning system (and I am not particularly interested in reading the raw logs emitted by ipchains).
lists a couple of things, but this seems to be just an *unreviewed* long list of tools, with rather unknown quality.
try snort (www.snort.org) or packemon (???) for networkbased attacks. they are easy to fool, but they are available for free. :-\ all open source hostbased IDS, that I know, suck. Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47