Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):

> Hi fellow pluggers! Could you recommend some other Intrusion Detection tools
> aside from snort?

As is frequently the case, the appropriate answer depends on what you call an IDS.

nmap is an essential command-line tool to probe hosts to see what they look like from the network. But, as such, it is usually not classified as an IDS. However, it's extremely useful to probe your own network with nmap: You find out things you'd otherwise perhaps never notice.

Nagios is the successor to SAINT/Netsaint, which in turn was an open-source alternative to SATAN. (SATAN was issued under proprietary licensing, and has languished.)

Abacus Project stuff (LogCheck, PortSentry, and HostSentry) is considered IDS-ish. Licence is proprietary, but generous. PortSentry tries to find incoming probes in real time and react by denying access. I consider the basic approach unwise: Someone can get you to DoS yourself by spoofing attacks from your own IPs, or those of interest to you.

AIDE and Integrit are classic host-based IDSes, similar to Tripwire. I prefer AIDE, generally. Integrit is very new.

Long lists of IDSes:
http://users.pandora.be/discofreq/Links/security_intrusiondetectionsystems.html
http://packetstorm.widexs.nl/UNIX/IDS/ (and other packetstorm mirrors)

Be aware that IDSes divide conceptually into host-based vs. network-based systems. The latter are sometimes called NIDSes.

(Any IDS that is administered without careful attention to its security will be worse than useless, as it will give you false assurance.)

--
Cheers,
Rick Moen
[EMAIL PROTECTED]

"Transported to a surreal landscape, a young girl kills the first woman she meets, and then teams up with three complete strangers to kill again." -- Rick Polito's That TV Guy column, describing the movie _The Wizard of Oz_

Philippine Linux Users Group.
Web site and archives at http://plug.linux.org.ph
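The self-DoS concern raised above about reactive blocking, as an added example (not part of the original post and not PortSentry's code): a first-probe blocker is compared with one that applies a never-block list and a distinct-port threshold. All function names, the threshold and the addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample events: (claimed source IP, destination port probed).
# The source address of a probe packet is unauthenticated and may be forged.
PROBES = [
    ("203.0.113.50", 23),
    ("203.0.113.50", 111),
    ("192.0.2.1", 23),     # claims to be the site's own gateway
    ("192.0.2.53", 111),   # claims to be the site's DNS resolver
    ("198.51.100.7", 23),  # single stray connection attempt
]

# Assumed site policy: networks a reactive blocker must never deny.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]


def naive_blocklist(probes):
    """Deny every claimed source on its first probe."""
    return {src for src, _port in probes}


def guarded_blocklist(probes, never_block=NEVER_BLOCK, threshold=2):
    """Deny a source only after probes to `threshold` distinct ports,
    and never when it falls inside a protected network.

    Returns (blocked, skipped); skipped entries should be alerted on,
    since traffic claiming a protected address is itself suspicious.
    """
    ports_by_src = {}
    for src, port in probes:
        ports_by_src.setdefault(src, set()).add(port)

    blocked, skipped = set(), set()
    for src, ports in ports_by_src.items():
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in never_block):
            skipped.add(src)
        elif len(ports) >= threshold:
            blocked.add(src)
    return blocked, skipped


if __name__ == "__main__":
    print("naive  :", sorted(naive_blocklist(PROBES)))
    blocked, skipped = guarded_blocklist(PROBES)
    print("guarded:", sorted(blocked), "skipped:", sorted(skipped))
```

The never-block list only protects addresses that have been enumerated in it; external addresses "of interest to you" that are not listed can still be denied on the strength of forged probes.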
