Prelude looks promising, but... If you want IDS, uninstall it and go
with Snort. If you are familiar enough with Snort to talk about its
limitations and how Prelude can go past them, then worry about Prelude.

Shouldn't be the default IDS package by a long shot.
Jack

On Thu, 2003-07-03 at 19:50, Alfredo Cole wrote:
> Hi:
> 
> I have searched for the docs to prelude-ids. I'm using
> LM 9.0 and can't seem to find any. Even the link to
> docs seems broken at www.prelude-ids.org.
> 
> Does anybody know what the following means:
> 
> *** Wed Jul  2 09:43:46 2003
> Plugin        : ScanDetect
> Author        : Yoann Vandoorselaere
> Contact       : [EMAIL PROTECTED]
> description   : Detect almost all kind of scanning.
> kind          : Should be ok
> received      : 1 time
> message       : Udp scanning attempt: 43 cnx from port 1320 to 33823 in 20 seconds.
> 
> Ether hdr : 0:7:84:84:c4:8 -> 0:a0:cc:a1:fc:75 [ether_type=ip (2048)]
> Ip hdr    : 200.12.228.2 -> 200.91.120.78 [hl=20,version=4,tos=0,len=126,id=0,ttl=63]
> Udp hdr   : 53 -> 33757 [len=106]
> Data hdr  : size=98 bytes
> 
> Data hexadecimal dump follow :
> bc ab 85 83   00 01 00 00   00 01 00 00   08 45 64 75  .............Edu
> 61 72 64 6f   53 06 73 69   6e 74 65 72   03 63 6f 6d  ardoS.sinter.com
> 02 6e 69 00   00 01 00 01   c0 15 00 06   00 01 00 01  .ni.............
> 51 80 00 2e   02 6e 73 08   63 61 62 6c   65 6e 65 74  Q....ns.cablenet
> c0 1c 09 77   65 62 6d 61   73 74 65 72   c0 15 77 64  ...webmaster..wd
> 29 01 00 00   1c 20 00 00   1c 20 00 09   3a 80 00 01  ).... ... ..:...
> 51 80                                                  Q.
> 
> I would like to know what the threat is, who did it,
> from where, etc. Any help or pointers to docs would be
> appreciated.
> 
> Thank you and regards.
> 
> 
> =====
> --
> Alfredo J. Cole
> http://www.acyc.com
> http://www.clshonduras.com
> 
> ______________________________________________________________________
> 
> Want to buy your Pack or Services from MandrakeSoft? 
> Go to http://www.mandrakestore.com
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...
http://www.monkeynoodle.org/resume.html
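
The datagram sampled in the quoted alert came from UDP port 53, so its payload can be decoded as a DNS message. The following is an added example, not part of either message in this thread; the function names are hypothetical and the only input is the 98 bytes shown in the hex dump.

```python
import struct

# The 98 payload bytes, copied from the hex dump in the quoted alert.
PAYLOAD = bytes.fromhex(
    "bcab8583000100000001000008456475" "6172646f530673696e74657203636f6d"
    "026e690000010001c015000600010001" "5180002e026e73086361626c656e6574"
    "c01c097765626d6173746572c0157764" "290100001c2000001c2000093a800001"
    "5180")
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def read_name(msg, off):
    """Decode a domain name at off; return (name, offset just past it).
    Follows RFC 1035 compression pointers (top two bits of the length set)."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            if resume is None:
                resume = off + 2          # parsing continues after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                 # guard against pointer loops
                raise ValueError("compression pointer loop")
        elif length == 0:
            return ".".join(labels), resume if resume is not None else off + 1
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii", "replace"))
            off += 1 + length

def decode_dns(msg):
    """Hypothetical helper: header, first question, and an SOA in the authority section."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    if qd != 1:
        raise ValueError("expected exactly one question")
    qname, off = read_name(msg, 12)
    qtype, _qclass = struct.unpack_from("!2H", msg, off)
    off += 4
    out = {"id": txid, "is_response": bool(flags & 0x8000),
           "authoritative": bool(flags & 0x0400),
           "rcode": RCODES.get(flags & 0x000F, flags & 0x000F),
           "counts": (qd, an, ns, ar), "qname": qname, "qtype": qtype}
    if an == 0 and ns >= 1:               # negative answers carry the zone SOA here
        zone, off = read_name(msg, off)
        rtype, _rclass, ttl, _rdlen = struct.unpack_from("!2HIH", msg, off)
        if rtype == 6:                    # 6 = SOA
            mname, p = read_name(msg, off + 10)
            rname, p = read_name(msg, p)
            serial, *_timers = struct.unpack_from("!5I", msg, p)
            out["soa"] = {"zone": zone, "ttl": ttl, "mname": mname,
                          "rname": rname, "serial": serial}
    return out

if __name__ == "__main__":
    print(decode_dns(PAYLOAD))
```

The sampled packet decodes as an authoritative NXDOMAIN answer for EduardoS.sinter.com.ni, sent from port 53 of 200.12.228.2 and carrying the SOA record of sinter.com.ni, which is what a DNS server's reply to a client lookup looks like. Whether the other datagrams counted by ScanDetect were the same kind of traffic cannot be told from this one sample.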

