[plug] Detecting Apache Attacks...
Trevor Phillips
T.Phillips at murdoch.edu.au
Thu Oct 24 11:00:08 WST 2002
On Thursday 24 October 2002 10:39, garry wrote:
> Doing a quick "apt-cache search snort", I got a listing including snort,
> psad and acidlab. Can't vouch for them, but snort is used in the Smoothwall
> firewall so I guess it works..
I'm more interested in post-attack log processing, than full on live firewall
prevention. Sure, a firewall would be good long term, but right now I'm after
a quick curiosity satisfier, based on log analysis. ^_^
ie; A glorified "grep cmd.exe logs/*". ^_^
--
. Trevor Phillips - http://jurai.murdoch.edu.au/ .
: Web Technical Administrator - T.Phillips at murdoch.edu.au :
| IT Services - Murdoch University |
>--------------------------------------------------------------------<
| On nights such as this, evil deeds are done. And good deeds, of /
| course. But mostly evil, on the whole. /
\ -- (Terry Pratchett, Wyrd Sisters) /
More information about the plug
mailing list