The best way to watch what's happening to a system is to have a listener that sees everything the target sees with the NIC listening in promiscuous mode. Have a NID software suite analyzing the traffic and you'll be surprised what you see. You can run the NID on the host itself, but I think it's better if the NID is itself not addressable.

I'm sure there are others on the list who can give more practical advice - not to mention I think there was a presentation on Nagios at a recent Penguins Unbound meeting.

-Rob

On Wed, Feb 2, 2011 at 11:13 PM, Jason Hsu <jhsu802701 at jasonhsu.com> wrote:

> I've heard that if you connect online through Windows without patches, you
> can expect someone to break into your system in a matter of minutes. This
> is why you need a firewall, Linux (better), or both (best).
>
> Is there a way to detect attempts to break into your system? I'd like to
> see just how often somebody out there tries to break into my system and see
> how much more difficulty the hackers have as I take steps to improve
> security.
>
> --
> Jason Hsu <jhsu802701 at jasonhsu.com>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
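One way to put numbers on the "how often" question using the passive listener described in the reply, as an added example that is not part of the original thread: it tallies unsolicited inbound TCP SYNs to the watched host and records whether the host answered (open), refused (closed) or stayed silent (filtered or dropped). Assumptions: the capture is text in the format current tcpdump prints with `-nn -tt`, the sample lines and all addresses (documentation ranges) are constructed, and `TARGET` and `summarize` are hypothetical names.

```python
import re
from collections import defaultdict

TARGET = "192.0.2.10"  # assumed address of the watched host (documentation range)

# Constructed sample in the text format printed by `tcpdump -nn -tt` on the sensor.
SAMPLE = """\
1296710000.10 IP 203.0.113.7.40001 > 192.0.2.10.22: Flags [S], seq 1, win 1024, length 0
1296710000.11 IP 192.0.2.10.22 > 203.0.113.7.40001: Flags [S.], seq 9, ack 2, win 5840, length 0
1296710001.20 IP 203.0.113.7.40002 > 192.0.2.10.23: Flags [S], seq 3, win 1024, length 0
1296710001.21 IP 192.0.2.10.23 > 203.0.113.7.40002: Flags [R.], seq 0, ack 4, win 0, length 0
1296710002.30 IP 203.0.113.7.40003 > 192.0.2.10.445: Flags [S], seq 5, win 1024, length 0
1296710005.00 IP 198.51.100.9.51000 > 192.0.2.10.22: Flags [S], seq 7, win 1024, length 0
1296710005.01 IP 192.0.2.10.22 > 198.51.100.9.51000: Flags [S.], seq 11, ack 8, win 5840, length 0
1296710006.00 IP 192.0.2.10.33000 > 198.51.100.50.80: Flags [S], seq 13, win 5840, length 0
"""

PKT = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
                 r"Flags \[([^\]]+)\]")

def summarize(capture, target=TARGET):
    """Per remote source: SYN count and ports on target that were open/closed/silent."""
    seen = defaultdict(lambda: {"syns": 0, "open": set(), "closed": set(), "silent": set()})
    pending = {}  # (remote ip, remote port, local port) -> SYN awaiting a reply
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # not a TCP line in the expected format
        src, sport, dst, dport, flags = m.groups()
        if dst == target and flags == "S":
            # Unsolicited inbound SYN: a connection attempt against the target.
            seen[src]["syns"] += 1
            seen[src]["silent"].add(int(dport))
            pending[(src, sport, dport)] = True
        elif src == target and pending.pop((dst, dport, sport), None):
            # Target replied to a tracked SYN: SYN-ACK = open, RST = closed.
            verdict = "open" if flags == "S." else "closed" if "R" in flags else None
            if verdict:
                seen[dst]["silent"].discard(int(sport))
                seen[dst][verdict].add(int(sport))
    return {ip: {k: (v if k == "syns" else sorted(v)) for k, v in s.items()}
            for ip, s in seen.items()}

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s)
```

Comparing the `open` and `silent` lists before and after a firewall change shows how much of the host stays reachable to the same sources; the target's own outbound connections are ignored.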