On Sunday 20 April 2003 01:49 pm, rpgoldman at real-time.com wrote:
> Mark Courtney writes:
>  > Is there any way to detect if ports are being probed/sniffed?  I've seen
>  > programs like Snort, etc.  Does anyone have any opionions about
>  > intrusion detection systems?  Are they effective?  Are there other ways
>  > to manually detect intrusion?
>
> Depends.  The tradeoff in configuring Tripwire + Snort versus
> rebuilding if you're rooted may well not be in favor of Tripwire +
> Snort.  I've never tried Tripwire (Mandrake's msec gives you
> "tripwire lite"), but snort is an absolute bear to commission.  You'll
> spend an age filtering out the rules that give you pointless false
> positives.

Hmm, sounds like a tclug project :-) Snort configuration for a "typical" home 
network?

-- 
Bob Tanner <tanner at real-time.com>         | Phone : (952)943-8700
http://www.mn-linux.org, Minnesota, Linux | Fax   : (952)943-8500
http://www.linuxjustworks.com             | Linux Just Works!         
Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list