[TCLUG] intrusion detector

Tue Feb 5 09:51:38 CST 2002

Try Demarc (demarc.com)

It uses snort and has a sweet frontend for analysis and reporting.  Much
better than ACID.

Jay

> -----Original Message-----
> From: Joel T Schneider [mailto:jts at tc.umn.edu] 
> Sent: Monday, February 04, 2002 5:22 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] intrusion detector
> 
> 
> On Mon, 4 Feb 2002 Raymond Norton wrote:
> > Message: 10
> > From: "Raymond Norton" <ray at lctn.k12.mn.us>
> > To: <tclug-list at mn-linux.org>
> > Date: Mon, 4 Feb 2002 14:52:55 -0600
> > Reply-To: tclug-list at mn-linux.org
> > 
> > A while back someone posted a link to a nice intrusion 
> detector program. It
> > had a web interface which displayed attempts, types of attacks, and
> > specifically had a screen shot showing nimda attacks. 
> Anyone know where I
> > can find it?
> 
> Among IDS software packages, many people seem to prefer snort:
> 
  http://www.snort.org/

If you store the snort output in a database, ACID can generate nice
reports for you (better not to run httpd or other services on IDS machine,
though):

  http://acidlab.sourceforge.net/

Snortsnarf is another tool for analyzing snort output:

  http://www.silicondefense.com/software/snortsnarf/

Other links of potential interest:

http://www.prelude-ids.org/
http://www.tripwire.org/
http://www.lids.org/
http://www.psionic.com/
http://www.freshmeat.net/projects/swatch/
http://www.bastille-linux.org/
http://www.cisecurity.org/bench.html
http://www.nessus.org/
http://www.iss.net/
http://www.webtrends.com/
http://www.net.tamu.edu/network/tools/tiger.html
http://www.intersectalliance.com/projects/Snare/index.html
http://www.resentment.org/projects/viperdb/
http://www.chkrootkit.org/
http://www.immunix.org/
http://www.securityfocus.com/
http://www.sans.org/
http://www.linuxsecurity.org/

(Note that I do not presently consider myself a security expert - most of
the above links were gleaned from security related conference sessions at
the recent LWCE - http://www.linuxworldexpo.com/)

Joel

_______________________________________________
Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org
tclug-list at mn-linux.org
https://mailman.mn-linux.org/mailman/listinfo/tclug-list