[CLUE-Tech] Security tools
Jed S. Baer
thag at frii.com
Thu Sep 27 11:04:23 MDT 2001
I haven't read the snort docs for a while, so I'm going on memory here.
When I was looking at it, I thought hey, that's cool, but why can't I get
an X11 popup when there's an alarm? IIRC, it would do a WinPopup, but that
doesn't help much, coz I boot my windows box about once every 2 weeks.
Doesn't it require Samba for the WinPopup to work? If that's true, then
one would have to be checking /var/log/messages, or some other logfile, to
get notified when an intrusion is in progress. The cool thing would be a
little Tk or gtk app which also had some sort of semaphore process, or
would just tail|grep the logfile, and do visual/audible notification
immediately when an intrusion is detected. I suppose that if one is
confident of one's settings, that just letting it do its thing silently
in the background is a good thing -- avoiding gobs of annoying popups
which require no action -- but I'd like to know when I'm being
portscanned, and I couldn't see an easy way to set that up.
ian <iguy at ionsphere.org> wrote:
> Snort is considered the best open source IDS out there. What don't you
> like about it?
>
> ian
> On Wed, Sep 26, 2001 at 10:24:52PM -0600, Todd M. Gipson wrote:
> > Can someone point me in the direction of a strong open source IDS system?
> > I am currently using snort. I am not that impressed with it. Thanks in
> > advance.
> >
> > Todd
> >
> > _______________________________________________
> > CLUE-Tech mailing list
> > CLUE-Tech at clue.denver.co.us
> > http://clue.denver.co.us/mailman/listinfo/clue-tech