[plug] Active response IDSs?

ryan at is.as.geeky.as ryan at is.as.geeky.as
Sat Aug 3 02:37:39 WST 2002


Do you mean something like this:

http://packages.debian.org/stable/net/fwlogwatch.html

It can launch counter-measures (create new rules or run scripts etc) when it
detects certain activities.  It can run as a daemon too, not just a static
analyser.

I've read through the man page but that is as far as I have gone with it at
this stage.

Ryan

----- Original Message -----
From: "bob" <bob at fots.org.au>


> Anyone have anything they care to share regarding active response IDSs?
> I seem to be being hammered a bit at the moment and was wondering if
> there was anything decent in the way of IDS responses.
>
> And what are they looking for on port 33575?
>
> --
> bob
> Cave canem...te necet lingendo.
>
>


