RE: Intrusion Detection



While all of the aforementioned tools *do* actually perform IDS, they have
all been host-based; in the case of Tripwire they are looking for modified
files (reconfigs, rootkits) and will generally tell you *way too late*,
meaning after your host has already been compromised.

The closest thing to BlackIce would be either Snort (see
http://host22-107.prestige.net/; this is a temporary web site)

or

Abacus PortSentry (should be at http://www.psionic.com but it's down).

Both of these tools will warn you when you are being probed on certain
ports, portscanned, or in the case of Snort, when a certain type of buffer
overflow, etc. is launched against your box, assuming there is a signature
for it.


Packet Storm security has all these tools and much much more.
http://packetstorm.securify.com



> 
> 
> -------------------------------------
> New things are always on the horizon.
> 
> >> -----Original Message-----
> >> From: KoML [mailto:koml@strato.net]
> >> Sent: Thursday, May 11, 2000 12:07 PM
> >> To: debian-firewall@lists.debian.org
> >> Subject: Intrusion Detection
> >> Importance: High
> >> 
> >> 
> >> This probably has been discussed or asked before.... but I must have
> >> missed it. I was just wondering if there were any Debian packages or software
> >> out there for Linux that can serve as a good intrusion detection
> >> system, preferably real time with various methods of alerts and
> >> notifications. And if possible dynamically respond. Something like
> >> Black Ice Defender but on
> >> Linux.
> >> 
> >> Any ideas .. suggestions ...appreciated.
> >> 
> >> 
> >> --  
> >> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> >> with a subject of "unsubscribe". Trouble? Contact 
> >> listmaster@lists.debian.org
> >> 
> 
> On Thu, 11 May 2000, chris wrote:
> 
> > Tripwire for Linux is a good intrusion detection program, and it is offered
> > for free.
> > 
> 
> It's free as in price; there is also a GPL'd system (well, it's not
> in nonfree anyway) but it's still new. It's in Debian unstable, called
> AIDE. I've not had a chance to test it yet, and I don't know its
> feature/bug list. Worth a look anyway.
> 
> Leen.
> 
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

________________________________________________________________________
 Matthew D. Franz                                        mdfranz@io.com
 Trinux: A Linux Security Toolkit                 http://www.trinux.org
 OpenSEC: Open Security Solutions                http://www.opensec.net
------------------------------------------------------------------------


