Re: [cobalt-security] IPChains Tool
- Subject: Re: [cobalt-security] IPChains Tool
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Mon, 23 Jul 2001 17:12:48 +0200
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Carrie,
> My next project is Snort... *grin*
My recommendation: Go for it!
I did that when Demarc came out and I wouldn't want to go back. You see, I
love Logwatch, Portsentry (with IPchains) and have installed them on over 50
Cobalts in the last three or four months.
However, snort beats it all over the place when it comes to enhancing your
awareness.
If you don't want to log into a MySQL database, then go to snort.org and grab
the latest RPM of snort1.8. If you want to log to syslog and MySQL (like if
you intend to run Demarc or ACID), then grab the tarball and compile it. It's
pretty straightforward.
Be sure to go to www.whitehats.net and grab the latest snort rules from
them, too. They are more complete than the ones which come with snort. I have
my snort set up to use both the original rules and the ones from whitehats.
When CodeRed machines started to target my machine I was instantly notified.
And just the other day I found out that one of my Webhosting customers had a
Trojan installed on his personal machine at home. Snort realized this when
his computer tried to access an unusual port on my server. I warned the
customer of this and so he was able to clean his machine out before the
puppet masters behind this trojan could do too much damage. They already had
fetched a file with his webhosting account details of another ISP and were
"owning" that webspace already.
--
Mit freundlichen Grüßen / With best regards
Michael Stauber
Stauber Multimedia Design ____ Phone: +49-6081-946240
Eppsteiner Weg 9 ___ D-61267 Neu-Anspach ___ Germany
SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM