[Gllug] hacked !

will will at hellacool.co.uk
Thu Nov 29 13:04:51 UTC 2001


Paul Brazier wrote:

>>Consider some kind of IDS system. I was easily able to port scan your
>>box. A more secure system might have detected a port scan after the
>>first few ports, and temporarily blocked access from that IP. The
>>harder you make it for a potential attacker, the more likely they
>>are to just pick on an easier target elsewhere.
>>
> 
> Can anyone recommend an IDS (Intruder Detection System?)
> Can you use iptables for a simple version of this port scan detection or
> do you need something more complex?


Have a look at tripwire and portsentry:

http://www.tripwiresecurity.com/
http://www.linuxjournal.com/article.php?sid=4751

The portsentry site was not responding, but is linked to from the 
linuxjournal site.  I have not used these packages before but have heard 
good things about them.  I am sure others have their favouites :-)

Will.


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list