[NTLUG:Discuss] Intrusion and Detection

Kenneth Loafman ken at lt.com
Fri Dec 21 10:45:00 CST 2001


With all the packages like Tripwire and others that detect intrusion,
are there any that are "better" than others?  What are your experiences?

My home system just got rooted via an ssh bug and my own personal
detection system spotted it (ps did not work right), but the damage had
been done.  Right now the system is off the net, but I want to
reopen the ssh port again so I can get to it from work.

Been doing some forensics and it looks like the work of a script-kiddie,
even left the .tgz file and install scripts on the system.  Nasty stuff,
but it does not look like he left a worm installed, just set it up to
allow him to get back in.  That's secured now, no inbound connections
available.

So, back to the question... what's a good intrusion detection system?
I'm decidedly not a novice, but I don't have much time to mess with
overly complex systems, so ease-of-use is a consideration.

...Thanks,
...Kenneth