[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Intrusion Detection



While all of the aforementioned tools *do* actually perform IDS, they have
all been host based, in the case of tripwire they are looking for modified
files (reconfigs, rootkits) and will generally tell you *way too late*
meaning after your host has already been compromised. 

The closest thing to BlackIce would be either Snort (see
http://host22-107.prestige.net/) this is a temporary web site.  

or

Abacus PortSentry.  (should be at http://www.psionic.com but its down)

Both of these tools will warn you when you are being probe on certain
ports, portscanned, or in the case of snort (when a certain type of buffer
overflow, etc) is launched against your box, assuming there is a signature
for it.


Packet Storm security has all these tools and much much more.
http://packetstorm.securify.com



> 
> 
> -------------------------------------
> New things are always on the horizon.
> 
> >> -----Original Message-----
> >> From: KoML [mailto:koml@strato.net]
> >> Sent: Thursday, May 11, 2000 12:07 PM
> >> To: debian-firewall@lists.debian.org
> >> Subject: Intrusion Detection
> >> Importance: High
> >> 
> >> 
> >> This probably has been discussed or asked before.... but  i must have
> >> missed it. I was just wondering if there was any  debian packages or software
> >> out there for linux  thats can serve as a good Intrusion dectection
> >> system preferably real time with various methonds of alerts and 
> >> notifications. And if possible dynamically respond. Somethign like 
> >> BLack Ice Defender but on
> >> linux.
> >> 
> >> Any ideas .. suggestions ...appreciated.NI@
> >> [ujwZXn&زy~鹻&NnW{rٲٲז+׉
> >> 
> >> 
> >> --  
> >> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> >> with a subject of "unsubscribe". Trouble? Contact 
> >> listmaster@lists.debian.org
> >> 
> 
> On Thu, 11 May 2000, chris wrote:
> 
> > Tripwire for Linux is a good intrustion detection program, and it is offered
> > for free.
> > 
> 
> It's free as in price, there is also a GPL'd system (well, it's not
> in nonfree anyway) but it's still new, it's in Debian unstable, called
> AIDE, I've not had a change to test it yet. And I don't know of it's
> feature/bug list. Worth a look anyway.
> 
> Leen.
> 
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

________________________________________________________________________
 Matthew D. Franz                                        mdfranz@io.com
 Trinux: A Linux Security Toolkit                 http://www.trinux.org
 OpenSEC: Open Security Solutions                http://www.opensec.net
------------------------------------------------------------------------



Reply to: