Snort mailing list archives
Re: what is good
From: "ScotScot" <scotw () hotmail com>
Date: Sun, 21 Apr 2002 21:07:35 -0500
If you want good Host Based Intrusion Detection, turn your file access control auditing on and create scripts to monitor the log files.

Unix - Set up a cron job to run grep queries and mail to admin when certain strings are found in log files.

Windows - Set up an AT job to run "find" queries, or go to http://unxutils.sourceforge.net/ and do it just like you would on a *nix box.

Also, write a couple decoy progies to listen on unused ports and log to a static file. You can then write a grep script to activate a snort dump for "x" number of packets after the decoy is tripped off.

You can do all of this with Perl. If you don't know Perl, get one of those teach yourself Perl in 24 hours books, you'll love it.

"It's all about the Pentium" ---Weird AL

----- Original Message -----
From: "John Sage" <jsage () finchhaven com>
To: <snort-users () lists sourceforge net>
Sent: Sunday, April 21, 2002 5:11 PM
Subject: Re: [Snort-users] what is good
On Sun, Apr 21, 2002 at 03:32:28PM -0500, Onie Camara wrote:
> We've got good nids, snort. What then would be a good opensource/free
> hids?

umm.. snort?

> Thanks in advance.

Not all.

- John
--
In those days, you could not buy a $2000 200MHz Pentium server.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
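
The cron-plus-grep log monitoring suggested in the message above, as an added example that is not part of the original post. It covers only the log-watching step (not the decoy listener), and the install path, state directory, pattern file and mail recipient are assumptions.

```shell
#!/bin/sh
# Added example: cron-driven log watcher. Paths, patterns and the mail
# recipient are assumptions for illustration.
# Crontab entry (assumed install path):
#   */5 * * * * /usr/local/sbin/logwatch.sh /var/log/auth.log root

# Print lines appended to log $1 since the previous run that match any
# extended regex in pattern file $3. State file $2 holds "inode offset".
scan_new_lines() {
    log=$1; state=$2; patterns=$3
    [ -r "$log" ] || return 0
    inode=$(ls -i "$log" | awk '{print $1}')
    size=$(wc -c < "$log" | tr -d ' ')
    last_inode=""; last=0
    if [ -f "$state" ]; then
        read -r last_inode last < "$state" || true
    fi
    # New inode or a shrunken file means rotation or truncation: rescan from
    # the top rather than skipping whatever the new file already contains.
    if [ "$inode" != "$last_inode" ] || [ "$size" -lt "${last:-0}" ]; then
        last=0
    fi
    printf '%s %s\n' "$inode" "$size" > "$state"
    # Lines written between wc and tail are seen again next run: a duplicate
    # alert is preferred over a missed one.
    tail -c "+$((last + 1))" "$log" | grep -E -f "$patterns" || true
}

# Mail any matches to the admin. The state directory should be writable by
# root only, so other local users cannot tamper with the offset.
watch_and_mail() {
    hits=$(scan_new_lines "$1" "/var/lib/logwatch/$(basename "$1").state" \
        /etc/logwatch.patterns)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | mail -s "logwatch: $1 on $(hostname)" "${2:-root}"
    fi
}

# Run only when called with a log file argument (as from cron).
if [ "$#" -gt 0 ]; then watch_and_mail "$@"; fi
```

The pattern file holds one extended regular expression per line, for example `sshd.*Failed password`.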