
Re: [cobalt-security] IPChains Tool



Hi Carrie,

> My next project is Snort... *grin*

My recommendation: Go for it!

I did that when Demarc came out and I wouldn't want to go back. You see, I 
love Logwatch, Portsentry (with IPchains) and have installed them on over 50 
Cobalts in the last three or four months.

However, snort beats it all over the place when it comes to enhancing your 
awareness. 

If you don't want to log into a MySQL database, then go to snort.org and grab 
the latest RPM of snort 1.8. If you want to log to syslog and MySQL (like if 
you intend to run Demarc or ACID), then grab the tarball and compile it. It's 
pretty straightforward.

Be sure to go to www.whitehats.net and grab the latest snort rules from 
them, too. They are more complete than the ones which come with snort. I have 
my snort set up to use both the original rules and the ones from whitehats.

When CodeRed machines started to target my machine I was instantly notified. 
And just the other day I found out that one of my Webhosting customers had a 
Trojan installed on his personal machine at home. Snort realized this when 
his computer tried to access an unusual port on my server. I warned the 
customer of this and so he was able to clean his machine out before the 
puppet masters behind this trojan could do too much damage. They already had 
fetched a file with his webhosting account details of another ISP and were 
"owning" that webspace already.


-- 

Mit freundlichen Grüßen / With best regards

Michael Stauber

 Stauber Multimedia Design ____ Phone:  +49-6081-946240
 Eppsteiner Weg 9 ___  D-61267 Neu-Anspach ___ Germany
 SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM
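[Editor's note, not part of Michael's message: the two setup points above (loading the stock rules and the whitehats.net rules side by side, and getting an alert when an outside host hits an unusual port on the server) look roughly like this in a Snort 1.8-era snort.conf. This is an added example, not the author's configuration; the addresses, file paths, rule file names and the "served ports" range are assumptions.]

```snort
# Added example snort.conf excerpt (assumed paths and values, not from the original post)

# The Cobalt's own address; RFC 5737 documentation range used as a placeholder.
var HOME_NET 192.0.2.10/32
var EXTERNAL_NET !$HOME_NET

# Rule files shipped with the snort tarball/RPM (install path assumed).
include /etc/snort/rules/web-cgi.rules
include /etc/snort/rules/web-iis.rules
include /etc/snort/rules/scan.rules

# Rule file downloaded from whitehats.net (file name assumed); loaded in
# addition to, not instead of, the stock rules above.
include /etc/snort/rules/vision.rules

# Local rule in the spirit of the anecdote: a TCP connection attempt (SYN) from
# outside to a port on which this server offers no service. Here "served" is
# assumed to be 1:1024; adjust the range to what the box really listens on.
# Passive-mode FTP data connections also land on high ports and will show up
# here, so expect some tuning on a box that serves FTP.
alert tcp $EXTERNAL_NET any -> $HOME_NET !1:1024 (msg:"LOCAL inbound connect attempt to unserved port"; flags:S; sid:1000001; rev:1;)
```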
