[plug] Active response IDSs?

Craig Foster fostware at iinet.net.au
Sat Aug 3 03:03:47 WST 2002


If you want to block people doing scans, you can use portsentry, where
not-very-nice-people get sent to an iptables or ipchains DENY...

Just make sure that VERY trusted machines are excluded, such as your
routers and mail servers, just in case someone tries spoofing your
router (very funny results - not)

Craig F.

> -----Original Message-----
> From: ryan at is.as.geeky.as [mailto:ryan at is.as.geeky.as] 
> Sent: Saturday, August 03, 2002 2:38 AM
> To: plug at plug.linux.org.au
> Subject: Re: [plug] Active response IDSs?
> 
> 
> Do you mean something like this:
> 
> http://packages.debian.org/stable/net/fwlogwatch.html
> 
> It can launch counter-measures (create new rules or run scripts etc) when it
> detects certain activities.  It can run as a daemon too, not just a static
> analyser.
> 
> I've read through the man page but that is as far as I have gone with it at
> this stage.
> 
> Ryan
> 
> ----- Original Message -----
> From: "bob" <bob at fots.org.au>
> 
> 
> > Anyone have anything they care to share regarding active response IDSs?
> > I seem to be being hammered a bit at the moment and was wondering if
> > there was anything decent in the way of IDS responses.
> >
> > And what are they looking for on port 33575?
> >
> > --
> > bob
> > Cave canem...te necet lingendo.
> >
> >
> 
> 
> 
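
Added example (not part of the original messages, and not portsentry's or fwlogwatch's own code): one way to apply the "exclude very trusted machines" advice before an active response inserts a block rule. The function names, the trusted addresses (documentation ranges standing in for a router, a mail server and a management subnet) and the sample detections are all assumptions constructed for illustration; the rule uses the iptables DROP target.

```python
import ipaddress

# Assumed trusted hosts/networks: never auto-block these, because a scan
# that spoofs their source address would make the responder cut them off.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("192.0.2.1/32", "192.0.2.25/32", "198.51.100.0/28")]

def is_trusted(addr, trusted=TRUSTED):
    """True if addr falls inside any trusted network."""
    return any(addr in net for net in trusted)

def plan_blocks(reported_sources, trusted=TRUSTED):
    """Turn scan sources reported by a detector into iptables argv lists.

    Returns (rules, skipped). Nothing is executed here; the caller decides
    whether to run the rules, and 'skipped' should be logged for review.
    """
    rules, skipped, seen = [], [], set()
    for raw in reported_sources:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            # Never pass unparsed detector output to a firewall command.
            skipped.append((raw, "not an IP address"))
            continue
        if addr.version != 4:
            skipped.append((raw, "IPv6 source, needs ip6tables"))
            continue
        if is_trusted(addr, trusted):
            skipped.append((raw, "trusted host, possible spoofed source"))
            continue
        if addr in seen:
            continue  # one rule per source is enough
        seen.add(addr)
        rules.append(["iptables", "-I", "INPUT", "-s", str(addr), "-j", "DROP"])
    return rules, skipped

# Constructed sample of detector output, including a spoofed router address.
SAMPLE = ["203.0.113.7", "192.0.2.1", "203.0.113.7",
          "198.51.100.9", "bogus-entry"]

if __name__ == "__main__":
    rules, skipped = plan_blocks(SAMPLE)
    for rule in rules:
        print("would run:", " ".join(rule))
    for source, reason in skipped:
        print("skipped:", source, "-", reason)
```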