RE: Looking for Host Based IDS
From: Oliver Petruzel (opetruzel@cox.rr.com)
Date: 12/24/01
- In reply to: Martin Tomasek: "Re: Looking for Host Based IDS"
From: "Oliver Petruzel" <opetruzel@cox.rr.com>
To: <mtd@mk.cvut.cz>, <focus-ids@securityfocus.com>
Date: Mon, 24 Dec 2001 16:04:24 -0500
Martin Tomasek wrote:
>if you pass logs through for example logcheck, you have proactive HIDS
>with minimal effort.
"proactive" perhaps.. but not preventative... after all, a "log" is
nothing more than a recording of something that happenED. (past tense).
Medusa is a great tool, however. I just wanted to make my point about
logmining.
Entercept, for example, "kills process" prior to execution of said
read/write.
./oliver