hi in my opinion only:
the standard stuff is probably just what you need: at the outside layer you have iptables/ipchains; at the middle you have tcp wrappers (x/inetd.conf), and at the inner you have the applications themselves (httpd.conf, or whatever). Why need anything else... (except a hardware firewall at the outside if you have one)

the problem with preventing exploits is you don't exactly know when a new one is coming from, so nobody knows how to prevent it yet... a good detector that i think you're asking for has to know all available avenues for attack....

the usefulness of IDS is you know for sure that you're invaded already, so it's time to analyze what happened or pull the backup tapes. it's like the antivirus/virusscanner thingy. At least you're sure you're not broken into yet.

jondz

On Fri, 2003-08-01 at 01:02, [EMAIL PROTECTED] wrote:
> thanks...but i'm not asking for inputs on ids....but on IPS.
> ...intrusion PREVENTION system.
>
> thanks.
>
> sammy
>
> -----Original Message-----
> From: Joshua San Juan [mailto:[EMAIL PROTECTED]
> Sent: Fri 8/1/2003 12:41 PM
> To: [EMAIL PROTECTED]
> Cc:
> Subject: Re: [plug] linux ips
>
> >From: Dean Michael Berris <[EMAIL PROTECTED]>
> >
> >there are active/passive IDS's like snort and portsentry, which could be
> >... [ snipped] ...
>
> As far as my experience (last time I used it was a year ago) goes with
> portsentry, you have to be very careful with its configuration - set the
> configuration to be too "sensitive" and you risk blocking valid
> connections.
>
> --
> Joshua
>
> --
> Philippine Linux Users' Group (PLUG) Mailing List
> [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
> Official Website: http://plug.linux.org.ph
> Searchable Archives: http://marc.free.net.ph
> .
> To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> .
> Are you a Linux newbie? To join the newbie list, go to
> http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie

--
Hagibis Fan <[EMAIL PROTECTED]>
