From owner-freebsd-questions Tue Jun 20 14: 9:45 2000
Date: Wed, 21 Jun 2000 02:37:29 +0530
From: Chirag Kantharia
To: "J. Goodleaf"
Cc: questions@FreeBSD.ORG
Subject: Re: Advice on intrusion detection
Message-ID: <20000621023729.A32055@slashetc.net>
Reply-To: Chirag Kantharia

On Tue, Jun 20, 2000 at 01:36:20PM -0700, J. Goodleaf wrote:
| Just polling for suggestions on favorite intrusion detection
| systems. There are several ports that could be useful--in particular I
| heard good things about snort--but I thought I'd troll before diving right
| in.

Portsentry is a good one, but it will keep track of ports being abused
(first level of security breach). If you want to detect second (where
the intruder logs onto the system) and third level of security breaches
(where the intruder is able to get a privileged account) and take
appropriate action, then you should check out HostSentry. Both
portsentry and hostsentry are developed by Psionic software
(http://www.psionic.com) and are great tools.

chyrag.

--
Chirag Kantharia
http://slashetc.net/chyrag/
GCS/IT d- s-:->: a?
C++++$ UBLS++++$ P++++(++)$ L++ E- W++ N--@ K--- w--- M->-- PE++ PGP->+ R* b+ DI+ D+ G++ e++ h* r-- !z+