[TCLUG] Linux Intrustion Detection?

Mon Jan 1 04:21:05 CST 2001

ntop is sweet, but it has had many security holes recently.  I'm kinda
afraid to run it.  :(

> -----Original Message-----
> From: Scott Dier [mailto:dieman at ringworld.org]
> Sent: Monday, January 01, 2001 2:41 AM
> To: tclug-list at lists.real-time.com
> Subject: Re: [TCLUG] Linux Intrustion Detection?
> 
> 
> Really, the only tools in the OSS sector that ive seen are 
> snort (yeah!)
> and the newer ntop that does stats on *everything*.  The 
> web-based ntop
> stuff is pretty damned amazing.  Nice to get a picture of what traffic
> is going on.
> 
> Otherwise, theres allways RealSecure and NFR. :P  But those cost too
> much.  I think a well configured snort machine, with somehting like
> cflowd/flowscan (woot! I found a open relay on a network with 
> that combo
> last week after it flooded a t1 with SMTP traffic) or ntop to 
> determine
> traffic after the fact.
> 
> * Austad, Jay <austad at marketwatch.com> [001231 20:10]:
> > Isn't portsentry primarily designed just to react to 
> portscans only?  I
> > don't think it will detect modified files or send alerts 
> about attempted
> > exploits.
> > 
> > Portsentry is a good tool though.  It'll generate ipchains 
> rules to block
> > the ip of a host which is scanning you.  I have a friend 
> who runs it at the
> > dorms at the U of MN.  He gets scanned ALOT.  Someone broke 
> into his box
> > last year and was saturating a DS3 with his box doing a DoS 
> against some
> > other site.   
> > 
> > Jay
> > 
> > 
> > > -----Original Message-----
> > > From: grey Moon-Wolf [mailto:mtsqph at yahoo.com]
> > > Sent: Sunday, December 31, 2000 5:43 PM
> > > To: tclug-list at lists.real-time.com
> > > Subject: Re: [TCLUG] Linux Intrustion Detection?
> > > 
> > > 
> > > 
> > > --- Bob Tanner <tanner at real-time.com> wrote:
> > > > Anyone have a recommendation on intrustion detection
> > > > software for linux?
> > > 
> > > Portsentry... check out Nov/Dec 2000 issue of Maximum
> > > Linux, might be a bunch of meatballs but they have
> > > provided some pretty decent software... The issue
> > > deals with security matters... found it a good read.
> > > And the free CD had some interesting downloads.
> > > Manuel.
> > > 
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Yahoo! Photos - Share your holiday photos online!
> > > http://photos.yahoo.com/
> > > _______________________________________________
> > > tclug-list mailing list
> > > tclug-list at lists.real-time.com
> > > https://mailman.real-time.com/mailman/listinfo/tclug-list
> > > 
> > _______________________________________________
> > tclug-list mailing list
> > tclug-list at lists.real-time.com
> > https://mailman.real-time.com/mailman/listinfo/tclug-list
> 
> -- 
> Scott Dier <dieman at ringworld.org> #linuxos at irc.openprojects.net
> http://www.ringworld.org/  finger:dieman at destiny.ringworld.org
> 
> "Kupo, kupkup, kupopo...  Po... Kupo!?  KUPOPO!!!
> 	<Chomp chomp> Kupooo."
> 		-Moguta (FFIX)
> 