Hi ya alim
what kind of intrusion are you trying to detect would
dictate what you would use...
- is port scanning an intrusion ??
- is a (single) ping an intrusion
- is nmap scan an intrusion
- if they installed their rootkit...you should be
able to notice that... tripwire is good at it..
- if someone in the office logs in as root...
you should be able to notice that.... send yourself
a email page....that instant ...
but independent of that,
some people use tripwire or aide...
have fun
alvin
http://www.Linux-Sec.net -- see the ids section for more stuff
On Mon, 28 May 2001 [EMAIL PROTECTED] wrote:
>
> anybody who can give me a rough estimate of an intrusion solution.
>
> -
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
