RE: Intrusion Detection
While all of the aforementioned tools *do* actually perform IDS, they have
all been host based; in the case of Tripwire they are looking for modified
files (reconfigs, rootkits) and will generally tell you *way too late*,
meaning after your host has already been compromised.
The closest thing to BlackIce would be either Snort (see
http://host22-107.prestige.net/, this is a temporary web site)
or
Abacus PortSentry (should be at http://www.psionic.com but it's down).
Both of these tools will warn you when you are being probed on certain
ports, portscanned, or, in the case of Snort, when a certain type of buffer
overflow, etc. is launched against your box, assuming there is a signature
for it.
Packet Storm Security has all these tools and much, much more.
http://packetstorm.securify.com
>
>
> -------------------------------------
> New things are always on the horizon.
>
> >> -----Original Message-----
> >> From: KoML [mailto:koml@strato.net]
> >> Sent: Thursday, May 11, 2000 12:07 PM
> >> To: debian-firewall@lists.debian.org
> >> Subject: Intrusion Detection
> >> Importance: High
> >>
> >>
> >> This probably has been discussed or asked before.... but I must have
> >> missed it. I was just wondering if there were any Debian packages or software
> >> out there for Linux that can serve as a good intrusion detection
> >> system, preferably real time with various methods of alerts and
> >> notifications. And if possible dynamically respond. Something like
> >> Black Ice Defender but on
> >> Linux.
> >>
> >> Any ideas .. suggestions ...appreciated.
> >>
> >>
> >> --
> >> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> >> with a subject of "unsubscribe". Trouble? Contact
> >> listmaster@lists.debian.org
> >>
>
> On Thu, 11 May 2000, chris wrote:
>
> > Tripwire for Linux is a good intrusion detection program, and it is offered
> > for free.
> >
>
> It's free as in price; there is also a GPL'd system (well, it's not
> in nonfree anyway) but it's still new. It's in Debian unstable, called
> AIDE. I've not had a chance to test it yet, and I don't know its
> feature/bug list. Worth a look anyway.
>
> Leen.
>
>
>
>
________________________________________________________________________
Matthew D. Franz mdfranz@io.com
Trinux: A Linux Security Toolkit http://www.trinux.org
OpenSEC: Open Security Solutions http://www.opensec.net
------------------------------------------------------------------------