Date:      Sun, 11 Aug 2002 18:38:40 +0200
From:      Volker Kindermann <freebsd@secspace.de>
To:        freebsd-questions@freebsd.org
Cc:        freebsd-questions@freebsd.org
Subject:   Re: aide-0.7_1 docs?
Message-ID:  <20020811183840.3f97eff3.freebsd@secspace.de>
In-Reply-To: <1029070581.38776.180.camel@Demon.vickiandstacey.com>
References:  <20020810180914.Y9801-100000@x1-6-00-80-c8-3a-b8-46> <1029018608.38776.126.camel@Demon.vickiandstacey.com> <20020811115009.01fa251a.freebsd@secspace.de> <1029061905.38776.139.camel@Demon.vickiandstacey.com> <0a5f01c24130$c1cd7b60$6401a8c0@crotchett.com> <1029070581.38776.180.camel@Demon.vickiandstacey.com>

Hi Stacey,

> It's good of you all to get back to me. At this point, I am beginning to
> believe that maybe I'm thinking of *something else* here, when I say
> Intrusion Detection System.

Well, it depends, as so often. There are two groups of Intrusion Detection Systems: network-based and host-based.

Tools like tripwire or aide are of the second group, but they specialize in file integrity checking. They are not the tools that will report an ongoing attack to you, but after that they will help you to understand the way that attack worked, and they will hopefully save you time in rebuilding the system.

The only free host-based intrusion detection system that I know of for Unix-like computers that will alert you to ongoing attacks is hostsentry (www.psionic.com).

Real-time attack alerting is more the job of the network-based systems, as Dru wrote you (e.g. snort).

 -volker

