Being the fresh recipient of some jerk's root kit, I'm looking at installing some intrusion detection software and am looking for some comments and suggestions from others about their experience.
Although I haven't installed it yet, Snort is where I'm most likely headed, but want to hear from you guys.

My second question is this: If you don't know the PID, how do you kill an established TCP/UDP session w/o rebooting the box? All netstat does is show you the current activity.

Thanks!
-Mike

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
