
Re: Recommend good IDS? was Re: /dev/shm/r?



On Wed, 2009-06-03 at 08:53 -0700, john wrote:
> On Tue, Jun 2, 2009 at 4:45 PM, Josh Lauricha <josh@lauricha.com> wrote:
> > I'm surprised more people aren't running tripwire or other IDS.
> I'd be interested to hear some recommendations for IDS to run on
> internet facing servers. Especially from the point of view of ease of
> installation, ease of maintenance, quality of the tool, and ability to
> have it deliver really useful information to the admin. 

It really depends on what you want. I'm using a combination of PADS
(Passive Attack Detection System) and fail2ban ... these can both be run
on either a host or a router, and integrate with netfilter. You can
customise what they are looking for to report and ban. Fail2ban is good,
it lets me blackhole people attempting nasty things in quick order ...
even better when combined with ipset and a decent firewall setup.
-- 
Nikolai Lusan <nikolai@lusan.id.au>
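
The findtime/maxretry style of banning that fail2ban applies, with the result rendered as ipset entries, as an added example that is not part of the original message and is not fail2ban's own code. The log lines are constructed, and the set name `f2b-demo`, the year and the thresholds are assumptions; the set is assumed to have been created with timeout support.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jun  3 08:50:01 host sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2
Jun  3 08:50:05 host sshd[102]: Failed password for invalid user admin from 192.0.2.10 port 4002 ssh2
Jun  3 08:50:09 host sshd[103]: Accepted password for alice from 198.51.100.7 port 5001 ssh2
Jun  3 08:50:12 host sshd[104]: Failed password for root from 192.0.2.10 port 4003 ssh2
Jun  3 08:51:00 host sshd[105]: Failed password for bob from 203.0.113.5 port 6001 ssh2
Jun  3 09:30:00 host sshd[106]: Failed password for bob from 203.0.113.5 port 6002 ssh2
Jun  3 09:55:00 host sshd[107]: Failed password for bob from 203.0.113.5 port 6003 ssh2
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) "
)

def find_bans(log_text, maxretry=3, findtime=600, year=2009):
    """Return IPs, in ban order, with maxretry failures inside findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    banned = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        hits = recent[ip]
        hits.append(ts)
        while hits and ts - hits[0] > window:   # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned

def ipset_commands(ips, set_name="f2b-demo", bantime=3600):
    """Render bans as ipset entries with a timeout, so they expire without cleanup."""
    return [f"ipset add {set_name} {ip} timeout {bantime} -exist" for ip in ips]

if __name__ == "__main__":
    for cmd in ipset_commands(find_bans(SAMPLE_LOG)):
        print(cmd)
```

With the defaults only 192.0.2.10 is banned: the three failures from 203.0.113.5 are spread over an hour and never fall inside one 10-minute window. A single netfilter rule matching the set then covers every banned address, which is why ipset scales better than one rule per ban.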

