Snort is Intrusion Detection software. Someone is trying to hack in, it locks them out. (Drops packets from their IP address if they port scan you on more than 3 ports. Configure it how it makes sense for you.)

Tripwire is for after they've gotten in. Tripwire assures that your important files haven't been messed with. It will take MD5 sums of things like /bin/bash and make sure that they aren't replaced by someone who has control of your machine. This way, you don't need to worry that you need to reinstall the whole OS after a successful hack, because you can see what has changed. Tripwire will alert you that /foo/bar has been replaced with some illegitimate version which probably comes complete with its very own built-in trojan.

Port Sentry I'm not experientially familiar with, but I think it's like Snort, and Demarc I haven't heard of.

These are REALLY high level overviews.

Kev.

----- Original Message -----
From: "Richard Jenniss" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 01, 2002 12:28 PM
Subject: Re: (clug-talk) Fw: Firewall, and monitoring

> So far I've been told about
>
> Snort, portsentry, tripwire and demarc.
>
> Should I use all of them, or would some of them be redundant?
>
> On Tue, 1 Oct 2002 08:54:17 -0600
> "Kevin Anderson" <[EMAIL PROTECTED]> wrote:
>
> > Snort
> >
