Really, the only tools in the OSS sector that I've seen are snort (yeah!) and the newer ntop that does stats on *everything*. The web-based ntop stuff is pretty damned amazing. Nice to get a picture of what traffic is going on.

Otherwise, there's always RealSecure and NFR. :P But those cost too much.

I think a well configured snort machine, with something like cflowd/flowscan (woot! I found an open relay on a network with that combo last week after it flooded a T1 with SMTP traffic) or ntop to determine traffic after the fact.

* Austad, Jay <austad at marketwatch.com> [001231 20:10]:
> Isn't portsentry primarily designed just to react to portscans only? I
> don't think it will detect modified files or send alerts about attempted
> exploits.
>
> Portsentry is a good tool though. It'll generate ipchains rules to block
> the IP of a host which is scanning you. I have a friend who runs it at the
> dorms at the U of MN. He gets scanned A LOT. Someone broke into his box
> last year and was saturating a DS3 with his box doing a DoS against some
> other site.
>
> Jay
>
> > -----Original Message-----
> > From: grey Moon-Wolf [mailto:mtsqph at yahoo.com]
> > Sent: Sunday, December 31, 2000 5:43 PM
> > To: tclug-list at lists.real-time.com
> > Subject: Re: [TCLUG] Linux Intrustion Detection?
> >
> > --- Bob Tanner <tanner at real-time.com> wrote:
> > > Anyone have a recommendation on intrusion detection
> > > software for linux?
> >
> > Portsentry... check out Nov/Dec 2000 issue of Maximum
> > Linux, might be a bunch of meatballs but they have
> > provided some pretty decent software... The issue
> > deals with security matters... found it a good read.
> > And the free CD had some interesting downloads.
> > Manuel.
> >
> > _______________________________________________
> > tclug-list mailing list
> > tclug-list at lists.real-time.com
> > https://mailman.real-time.com/mailman/listinfo/tclug-list

--
Scott Dier <dieman at ringworld.org> #linuxos at irc.openprojects.net
http://www.ringworld.org/ finger:dieman at destiny.ringworld.org
"Kupo, kupkup, kupopo... Po... Kupo!? KUPOPO!!! <Chomp chomp> Kupooo." -Moguta (FFIX)
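The "determine traffic after the fact" check Scott describes (spotting an open SMTP relay from flow data because it saturated the link) can be reduced to a small per-host aggregation. The script below is an added example, not code from this thread nor from cflowd, flowscan or ntop: it reads constructed flow records in a simplified comma-separated form (the field set is an assumption; real NetFlow v5 exports carry more), totals outbound tcp/25 bytes per internal source, and flags any host whose SMTP output over the window consumes more than half of a nominal T1 while talking to many distinct destinations. The T1 rate, window length and thresholds are assumed values to adjust for the link in question.

```python
"""Flag hosts whose outbound SMTP (tcp/25) traffic dominates a link.

Added example, not code from the TCLUG thread or from cflowd/flowscan.
Input is a constructed, simplified flow record format:
    src_ip,dst_ip,proto,src_port,dst_port,octets,packets
"""
from collections import defaultdict
from dataclasses import dataclass

T1_BPS = 1_544_000      # nominal T1 line rate, bits per second (assumed link)
SMTP_PORT = 25
TCP = 6


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    octets: int
    packets: int


def parse_flows(text):
    """Parse the simplified flow text; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, sport, dport, octets, packets = line.split(",")
        flows.append(Flow(src, dst, int(proto), int(sport), int(dport),
                          int(octets), int(packets)))
    return flows


def summarize_smtp(flows):
    """Per source host: (outbound tcp/25 octets, number of distinct destinations)."""
    octets = defaultdict(int)
    dests = defaultdict(set)
    for f in flows:
        if f.proto == TCP and f.dport == SMTP_PORT:
            octets[f.src] += f.octets
            dests[f.src].add(f.dst)
    return {src: (octets[src], len(dests[src])) for src in octets}


def find_relay_suspects(flows, window_seconds, link_bps=T1_BPS,
                        share_threshold=0.5, min_destinations=10):
    """Hosts whose SMTP output fills >= share_threshold of the link over the
    window AND fans out to many destinations (a single busy legitimate
    relay to one smarthost would fail the fan-out test)."""
    suspects = {}
    for src, (total_octets, ndests) in summarize_smtp(flows).items():
        share = total_octets * 8 / window_seconds / link_bps
        if share >= share_threshold and ndests >= min_destinations:
            suspects[src] = {"octets": total_octets,
                             "destinations": ndests,
                             "link_share": round(share, 3)}
    return suspects


# Constructed sample: ten minutes of flows. 10.0.0.5 sends a little normal
# mail, 10.0.0.9 is a large HTTP transfer, 10.0.0.7 pushes 2.5 MB of SMTP
# to each of 40 external hosts (the open-relay pattern).
SAMPLE_FLOWS = "\n".join(
    ["# src,dst,proto,sport,dport,octets,packets",
     "10.0.0.5,203.0.113.10,6,34567,25,48000,60",
     "10.0.0.5,203.0.113.11,6,34568,25,52000,70",
     "10.0.0.9,203.0.113.50,6,40000,80,30000000,25000"]
    + [f"10.0.0.7,198.51.100.{i},6,{40000 + i},25,2500000,2000"
       for i in range(1, 41)]
)
WINDOW_SECONDS = 600


def report(text=SAMPLE_FLOWS, window_seconds=WINDOW_SECONDS):
    """Convenience wrapper: parse and evaluate in one call."""
    return find_relay_suspects(parse_flows(text), window_seconds)


if __name__ == "__main__":
    for host, info in report().items():
        print(f"{host}: {info['octets']} octets to {info['destinations']} "
              f"destinations, {info['link_share']:.0%} of link")
```

The two-part test (link share plus destination fan-out) is what keeps a legitimate mail server that forwards everything to one smarthost out of the alert list; lowering `min_destinations` trades that for earlier warning.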