Am 12. Oct, 2000 schwäzte Kevin Brown so:
> I have been doing some research for my job looking at a few different packages
> regarding intrusion detection and system integrity. I'd like some opinions
> regarding some of the packages I have seen and looked at to date. The first is
> Snort (www.snort.org). It is a NIDS program for detecting attacks on a
Thus far I prefer snarfing syslog over snort. Snort reported that my xterm
was trying to break in via some m$ hole. Not exactly sure that adds to
their credibility :).
Here's some links for snort rulesets that came across ASULUG some time
ago.
http://whitehats.com/
http://snort.rapidnet.com/
> network. The other is Tripwire (www.tripwire.com). It is a system integrity
> checker that keeps track of changes to files on a system.
Most people I know that've used tripwire get tired of it reporting false
postives and quickly learn to ignore it.
Look at the forensics tools from Wietse Venema (father of tcpwrappers and
postfix) and Dan Farmer.
http://www.porcupine.org/forensics/
Their articles in Dr. Dobb's Journal:
http://www.porcupine.org/forensics/column.html
ciao,
der.hans
--
#
der.hans@LuftHans.com home.pages.de/~lufthans/
www.Opnix.com
# Stell dir vor, es ist Krieg und keiner geht hin...