Mark Courtney writes: > Is there any way to detect if ports are being probed/sniffed? I've seen > programs like Snort, etc. Does anyone have any opionions about intrusion > detection systems? Are they effective? Are there other ways to manually > detect intrusion? Depends. The tradeoff in configuring Tripwire + Snort versus rebuilding if you're rooted may well not be in favor of Tripwire + Snort. I've never tried Tripwire (Mandrake's msec gives you "tripwire lite"), but snort is an absolute bear to commission. You'll spend an age filtering out the rules that give you pointless false positives. R _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list