[Gllug] hacked !

will will at hellacool.co.uk
Thu Nov 29 13:04:51 UTC 2001

Paul Brazier wrote:

>>Consider some kind of IDS system. I was easily able to port scan your
>>box. A more secure system might have detected a port scan after the
>>first few ports, and temporarily blocked access from that IP. The
>>harder you make it for a potential attacker, the more likely they
>>are to just pick on an easier target elsewhere.
> Can anyone recommend an IDS (Intruder Detection System?)
> Can you use iptables for a simple version of this port scan detection or
> do you need something more complex?

Have a look at tripwire and portsentry:


The portsentry site was not responding, but is linked to from the 
linuxjournal site.  I have not used these packages before but have heard 
good things about them.  I am sure others have their favouites :-)


Gllug mailing list  -  Gllug at linux.co.uk

More information about the GLLUG mailing list