On Thu, Jul 05, 2001 at 10:09:44AM +1000, Booth, Christopher (Aus) - ATP wrote:
> Hi
>
> Here at work after a typo in an IP-address, I got bombarded by a program
> called nessus from our IT security.
> It ended up being a DOS attack on my machine.
>
> Is anyone here familiar with the usage of Nessus? I have since downloaded
> it, and am running it against my own machine as localhost at the moment.

Nessus is basically a port scanner / security probing tool. It has an
insane number of plugins that test a whole heap of security
vulnerabilities. Be careful what you run it against; it's fairly easy to
crash machines if they haven't been patched for all the latest security
holes.

Oh yeah, don't tick that box that says grab DNS Zone file. It actually
does a named-xfer for your domain and then probes all the boxes in your
domain. You can get into a lot of trouble for this, especially say on a
uni network :)

>
> There are other tools out there, like Netsaint, Snort and Prelude.

Netsaint is a monitoring tool and absolutely walks over any other open
source product I've seen. Which is why we use it at work. If you want to try out a
working copy there's one on www.netsaint.org or try the one I set up at
trial.bulletproof.net.au.

Snort is an IDS (Intrusion Detection System) tool, very nice, logs all
sorts of things to auth.log. Much nicer if combined with snortsnarf,
which gives you a web interface to what it found.

Haven't heard of Prelude but I'm about to go look :)

--
John Ferlito
Senior Engineer - Bulletproof Networks
ph: +61 (0) 410 519 382
http://www.bulletproof.net.au/
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug