The best way to watch what's happening to a system is to have a listener
that sees everything the target sees with the NIC listening in promiscuous
mode.  Have a NID software suite analyzing the traffic and you'll be
surprised at what you see.  You can run the NID on the host itself, but I think
it's better if the NID is itself not addressable.

I'm sure there are others on the list who can give more practical advice -
not to mention I think there was a presentation on Nagios at a recent
Penguins Unbound meeting.

-Rob


On Wed, Feb 2, 2011 at 11:13 PM, Jason Hsu <jhsu802701 at jasonhsu.com> wrote:

> I've heard that if you connect online through Windows without patches, you
> can expect someone to break into your system in a matter of minutes.  This
> is why you need a firewall, Linux (better), or both (best).
>
> Is there a way to detect attempts to break into your system?  I'd like to
> see just how often somebody out there tries to break into my system and see
> how much more difficulty the hackers have as I take steps to improve
> security.
>
> --
> Jason Hsu <jhsu802701 at jasonhsu.com>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
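As an added example (not part of the original messages): a minimal passive tally of inbound connection attempts, of the kind a listener on a promiscuous NIC could keep to answer the question above. The function names, the documentation-range addresses and the sample frames are constructed for illustration; capturing live frames from the interface is assumed to happen elsewhere.

```python
import socket
import struct
from collections import Counter

SYN, ACK = 0x02, 0x10

def parse_syn(frame):
    """Return (src_ip, dst_ip, dst_port) for a bare TCP SYN, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # Ethernet II + IPv4 only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                              # IP header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:         # not IPv4 carrying TCP
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:          # later fragment: no TCP header
        return None
    tcp = ip[ihl:]
    if len(tcp) < 14:                                     # truncated TCP header
        return None
    dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
    if flags & SYN and not flags & ACK:                   # new attempt, not a SYN/ACK reply
        return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), dport
    return None

def count_attempts(frames, protected_ip):
    """Tally inbound SYNs to protected_ip by (source address, destination port)."""
    tally = Counter()
    for frame in frames:
        hit = parse_syn(frame)
        if hit and hit[1] == protected_ip:
            tally[(hit[0], hit[2])] += 1
    return tally

def build_frame(src, dst, sport, dport, flags):
    """Constructed test frame: Ethernet + IPv4 + TCP headers, checksums left zero."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp

# Constructed sample traffic (documentation addresses), not a real capture.
SAMPLE = [
    build_frame("203.0.113.7", "192.0.2.10", 40000, 22, SYN),
    build_frame("203.0.113.7", "192.0.2.10", 40001, 22, SYN),
    build_frame("198.51.100.9", "192.0.2.10", 51000, 3389, SYN),
    build_frame("192.0.2.10", "203.0.113.7", 22, 40000, SYN | ACK),  # host's own reply
    build_frame("192.0.2.10", "198.51.100.20", 33000, 443, SYN),     # outbound, ignored
]
```

Calling `count_attempts(SAMPLE, "192.0.2.10").most_common()` lists the noisiest sources first; comparing tallies before and after a firewall change shows how many attempts still reach the host.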