ntop is sweet, but it has had many security holes recently. I'm kinda
afraid to run it. :(

> -----Original Message-----
> From: Scott Dier [mailto:dieman at ringworld.org]
> Sent: Monday, January 01, 2001 2:41 AM
> To: tclug-list at lists.real-time.com
> Subject: Re: [TCLUG] Linux Intrustion Detection?
>
> Really, the only tools in the OSS sector that I've seen are snort
> (yeah!) and the newer ntop that does stats on *everything*. The
> web-based ntop stuff is pretty damned amazing. Nice to get a picture
> of what traffic is going on.
>
> Otherwise, there's always RealSecure and NFR. :P But those cost too
> much. I think a well configured snort machine, with something like
> cflowd/flowscan (woot! I found an open relay on a network with that
> combo last week after it flooded a t1 with SMTP traffic) or ntop to
> determine traffic after the fact.
>
> * Austad, Jay <austad at marketwatch.com> [001231 20:10]:
> > Isn't portsentry primarily designed just to react to portscans
> > only? I don't think it will detect modified files or send alerts
> > about attempted exploits.
> >
> > Portsentry is a good tool though. It'll generate ipchains rules to
> > block the ip of a host which is scanning you. I have a friend who
> > runs it at the dorms at the U of MN. He gets scanned A LOT. Someone
> > broke into his box last year and was saturating a DS3 with his box
> > doing a DoS against some other site.
> >
> > Jay
> >
> > > -----Original Message-----
> > > From: grey Moon-Wolf [mailto:mtsqph at yahoo.com]
> > > Sent: Sunday, December 31, 2000 5:43 PM
> > > To: tclug-list at lists.real-time.com
> > > Subject: Re: [TCLUG] Linux Intrustion Detection?
> > >
> > > --- Bob Tanner <tanner at real-time.com> wrote:
> > > > Anyone have a recommendation on intrusion detection
> > > > software for linux?
> > >
> > > Portsentry... check out Nov/Dec 2000 issue of Maximum
> > > Linux, might be a bunch of meatballs but they have
> > > provided some pretty decent software... The issue
> > > deals with security matters... found it a good read.
> > > And the free CD had some interesting downloads.
> > > Manuel.
> > >
> > > _______________________________________________
> > > tclug-list mailing list
> > > tclug-list at lists.real-time.com
> > > https://mailman.real-time.com/mailman/listinfo/tclug-list
>
> --
> Scott Dier <dieman at ringworld.org> #linuxos at irc.openprojects.net
> http://www.ringworld.org/ finger:dieman at destiny.ringworld.org
>
> "Kupo, kupkup, kupopo... Po... Kupo!? KUPOPO!!!
> <Chomp chomp> Kupooo."
> -Moguta (FFIX)