Isn't portsentry primarily designed just to react to portscans only? I don't think it will detect modified files or send alerts about attempted exploits. Portsentry is a good tool though. It'll generate ipchains rules to block the ip of a host which is scanning you. I have a friend who runs it at the dorms at the U of MN. He gets scanned ALOT. Someone broke into his box last year and was saturating a DS3 with his box doing a DoS against some other site. Jay > -----Original Message----- > From: grey Moon-Wolf [mailto:mtsqph at yahoo.com] > Sent: Sunday, December 31, 2000 5:43 PM > To: tclug-list at lists.real-time.com > Subject: Re: [TCLUG] Linux Intrustion Detection? > > > > --- Bob Tanner <tanner at real-time.com> wrote: > > Anyone have a recommendation on intrustion detection > > software for linux? > > Portsentry... check out Nov/Dec 2000 issue of Maximum > Linux, might be a bunch of meatballs but they have > provided some pretty decent software... The issue > deals with security matters... found it a good read. > And the free CD had some interesting downloads. > Manuel. > > __________________________________________________ > Do You Yahoo!? > Yahoo! Photos - Share your holiday photos online! > http://photos.yahoo.com/ > _______________________________________________ > tclug-list mailing list > tclug-list at lists.real-time.com > https://mailman.real-time.com/mailman/listinfo/tclug-list >