I forgot about snort. Downloaded it a while ago, haven't installed it. Much on 
the to-do list.

Quoting "Austad, Jay" <austad at marketwatch.com>:

> Snort (http://www.snort.org) is a good IDS system to use.  It will log
> to a database also, and you can report on the data using ACID
> (http://acidlab.sourceforge.net).  Apparently the latest version will
> support more than just MySQL, I'll probably be installing it today
> sometime.
> MySQL sucks on large databases (at least it did for me), and I'd like to
> switch to something else.  More attack sigs are available for snort at
> http://www.whitehats.com/ids
> 
> Jay
> 
> > -----Original Message-----
> > From: joel at luths.net [mailto:joel at luths.net]
> > Sent: Wednesday, June 06, 2001 12:21 PM
> > To: tclug-list at mn-linux.org
> > Subject: RE: [TCLUG] Security
> > 
> > 
> > Hm, 20/day is about what I get I think. I'm collecting stats, just
> > haven't done much processing of them. Anyone logging ipchains DENYs for
> > this (like me) might want to check out packet2sql
> > (http://sourceforge.net/projects/packet2sql/). Pulls the ipchains lines
> > out of log files and puts them in a SQL db. Should make analysis much
> > easier, if I ever get around to it.
> > 
> > Quoting "Austad, Jay" <austad at marketwatch.com>:
> > 
> > > I get scanned quite a bit on my DSL also, probably about 20 times a
> > > day.  That's nothing compared to one of my networks, over 6000
> > > portscans a day (some are dummy scans of course, but it's still a
> > > lot).  Fun.
> > > 
> > > 
> > > 
> > > > -----Original Message-----
> > > > From: joel at luths.net [mailto:joel at luths.net]
> > > > Sent: Wednesday, June 06, 2001 10:50 AM
> > > > To: tclug-list at mn-linux.org
> > > > Subject: Re: [TCLUG] Security
> > > > 
> > > > 
> > > > I'm running DSL and I get *lots* of scans.
> > > > 
> > > > Quoting Brian <lxy at cloudnet.com>:
> > > > 
> > > > > On Tue, 5 Jun 2001, Dave Sherohman wrote:
> > > > > 
> > > > > > 
> > > > > > Nah.  They're talking to portmap, not telnetd.  Those requests
> > > > > > are asking about available RPC services, most likely in hopes of
> > > > > > finding a vulnerable NIS or NFS installation.
> > > > > 
> > > > > Ok, I've heard of exploits on RPC, now I'm curious.  What's using
> > > > > RPC?  Is it just NIS and NFS?  I've heard of tons of RPC ports
> > > > > strewn about that can be exploited, it's the only remaining port
> > > > > that I'm worried about on my system.
> > > > >
> > > > > Back to the original question on security, port scans are part of
> > > > > life.  Kiddies all over the internet like to run their port
> > > > > scanners because they're HACKERS and they're unstoppable!  Just
> > > > > like in the movie!  *rolls eyes*  Just make sure you aren't running
> > > > > anything unnecessary, like xfs, nis, nfs, etc.  Out of curiosity,
> > > > > are you on a cable modem?  I've noticed that when I was on DSL no
> > > > > one even looked at my box but on cable in the last week I've
> > > > > collected large amounts of IP addresses probing away at my
> > > > > firewall.  They've mainly been targeting FTP, which is odd, since I
> > > > > hadn't had ftpd up and running at that point.  Real bright ones,
> > > > > they are! :-)
> > > > >
> > > > > tcp wrappers do a pretty good job, an ALL:ALL in hosts.deny lets me
> > > > > sleep at night anyway.  I also have a policy of denying ICMP
> > > > > requests on my outside interface just to thwart the really stupid
> > > > > kiddies.  Between these two I feel relatively secure.  Then just
> > > > > check your startup script to make sure you aren't running anything
> > > > > you don't need to be.
> > > > > 
> > > > > -Brian
> > > > > 
> > > > > _______________________________________________
> > > > > tclug-list mailing list
> > > > > tclug-list at mn-linux.org
> > > > > https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> > > > > 
> > > > > 
> 
>
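The ipchains-log-to-SQL idea Joel mentions above, as an added example written for this thread (it is not packet2sql's own code): it pulls the kernel's `Packet log:` DENY lines out of a syslog file into SQLite and ranks the sources that were probing. The log lines, host name and addresses are constructed for the example; the field layout follows the ipchains kernel log format.

```python
import re
import sqlite3
# ipchains kernel log line, as documented in the IPCHAINS-HOWTO:
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=<len> S=<tos> I=<id> F=<frag> T=<ttl> [SYN] [(#<rule>)]
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: (?P<chain>\S+) (?P<target>\S+) "
    r"(?P<iface>\S+) PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x[0-9a-fA-F]+ I=\d+ F=0x[0-9a-fA-F]+ T=(?P<ttl>\d+)(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)
# Constructed sample syslog excerpt (not real traffic): one host probing ftp and portmap,
# a UDP portmap probe, an accepted ssh connection and a line that is not from the firewall.
SAMPLE_LOG = """\
Jun  6 11:52:01 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:2345 203.0.113.5:21 L=60 S=0x00 I=4301 F=0x4000 T=51 SYN (#3)
Jun  6 11:52:02 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:2347 203.0.113.5:111 L=60 S=0x00 I=4303 F=0x4000 T=51 SYN (#3)
Jun  6 11:53:10 gw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.44:1029 203.0.113.5:111 L=84 S=0x00 I=18 F=0x0000 T=254 (#3)
Jun  6 11:53:11 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.9:40001 203.0.113.5:22 L=60 S=0x00 I=77 F=0x4000 T=60 SYN (#1)
Jun  6 11:53:12 gw sshd[512]: Accepted publickey for joel from 192.0.2.9
"""
def parse_line(line):
    """Return the firewall fields of one syslog line, or None if it is not an ipchains line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    for key in ("proto", "sport", "dport", "len", "ttl"):
        d[key] = int(d[key])
    d["syn"] = d["syn"] is not None  # TCP connection attempt rather than a stray reply
    d["rule"] = int(d["rule"]) if d["rule"] else None
    return d

def load_log(lines, conn, target="DENY"):
    """Insert every parsed line whose target matches (DENY by default); return rows inserted."""
    conn.execute("CREATE TABLE IF NOT EXISTS packets (ts TEXT, chain TEXT, target TEXT, iface TEXT,"
                 " proto INTEGER, src TEXT, sport INTEGER, dst TEXT, dport INTEGER, len INTEGER,"
                 " ttl INTEGER, syn INTEGER, rule INTEGER)")
    rows = [p for p in map(parse_line, lines) if p and p["target"] == target]
    conn.executemany("INSERT INTO packets VALUES (:ts, :chain, :target, :iface, :proto, :src,"
                     " :sport, :dst, :dport, :len, :ttl, :syn, :rule)", rows)
    conn.commit()
    return len(rows)

def top_sources(conn, limit=5):
    """Sources ranked by denied packets; many distinct ports from one source marks a scan."""
    return conn.execute("SELECT src, COUNT(*), COUNT(DISTINCT dport) FROM packets"
                        " GROUP BY src ORDER BY 2 DESC, src LIMIT ?", (limit,)).fetchall()

def summarise(log_text):
    """Load a syslog excerpt into an in-memory database; return (denied rows, top sources)."""
    conn = sqlite3.connect(":memory:")
    return load_log(log_text.splitlines(), conn), top_sources(conn)
```

Pointing `load_log` at a real `/var/log/messages` and a file-backed database gives the same table packet2sql is after; the ACCEPT line and the sshd line in the sample show that only matching firewall entries are kept.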