ok, you could start with portsentry, (it comes with you mandrake disks.. it will listen for portscans and dynamically add them to your firewall rules... it also logs attempts...
If you want to go further, you can get snort, which monitors interfaces for traffic and compares what it finds to updatable rules... and it has many possible means of notifying you of what it finds.. and if you use it with guardian it can respond in kind... Snort is the best possible answer, but its not a GUI setup (snort.org) and it uses alot of CPU time examing all packets... prelude is that mandrake 8.1 comes with I believe.. it is similiar in design to snort, except it appears to be modularised, and can read snort and other rules by inserting modules.. from what I can tell, the main benefit of prelude is that it can be used with clusters of servers to spread the load.. as you can see, this is a fairly high end solution... that should give you a start.. also, if you have an existing list of firewall rules, just adding -l to the end of them, will result in them loggin deny's or drops to syslog which if you install logcheck (also on you CD's), it will scan the logs, put anything relivent in an email and ship it to you.... good stuff.. rgds Frank -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David Robertson Sent: Monday, 1 October 2001 11:37 PM To: [EMAIL PROTECTED] Subject: [newbie] virus attacks, etc Hi You hear so much now about hackers, probing, etc while connected to the net. Not that any of my data is worth stealing, just how can I detect any probes or find out if anyone is trying to get to my computer. I know this is a vast subject, so can anyone at least point me in the right direction to learn about appropriate programs, etc, or is there a simple way. Are there tools that come with LM 8.0 that will do the job? Thanks David
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
