On Sunday 20 April 2003 01:49 pm, rpgoldman at real-time.com wrote: > Mark Courtney writes: > > Is there any way to detect if ports are being probed/sniffed? I've seen > > programs like Snort, etc. Does anyone have any opionions about > > intrusion detection systems? Are they effective? Are there other ways > > to manually detect intrusion? > > Depends. The tradeoff in configuring Tripwire + Snort versus > rebuilding if you're rooted may well not be in favor of Tripwire + > Snort. I've never tried Tripwire (Mandrake's msec gives you > "tripwire lite"), but snort is an absolute bear to commission. You'll > spend an age filtering out the rules that give you pointless false > positives. Hmm, sounds like a tclug project :-) Snort configuration for a "typical" home network? -- Bob Tanner <tanner at real-time.com> | Phone : (952)943-8700 http://www.mn-linux.org, Minnesota, Linux | Fax : (952)943-8500 http://www.linuxjustworks.com | Linux Just Works! Key fingerprint = AB15 0BDF BCDE 4369 5B42 1973 7CF1 A709 2CC1 B288 _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list