[Gllug] hacked !
gllug at uncertainty.org.uk
gllug at uncertainty.org.uk
Thu Nov 29 19:48:21 UTC 2001
On Thu, Nov 29, 2001 at 02:07:03PM +0000, will wrote:
> itsbruce at uklinux.net wrote:
>
> > On 11/29/01, 11:47:19 AM, "Paul Brazier" <pbrazier at cosmos-uk.co.uk> wrote
> > regarding RE: [Gllug] hacked ! :
> >
> >>Can anyone recommend an IDS (Intruder Detection System?)
> >
> > Snort. If anybody suggests portsentry to you, hit them.
>
>
> Why...
I don't much like portsentry either - especially if it is configured to
block access from any (spoofed) ip address that attempts to connect to
an unused oport !
personally I find tripwire reassuring - though I wish it produced more
condensed reports - esp when nothing has changed.
I also use iptables to create logs of connection attempts to unused
ports - but so far I only monitor port 80 actively !
--
Sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 274 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20011129/98fc863a/attachment.pgp>
More information about the GLLUG
mailing list