Re: Monitoring for breakins
From: Julian T. J. Midgley (jtjm@xenoclast.org) Date: 07/18/02
- Next message: Christopher Browne: "Re: The Stunning Failure of OpenBSD"
- Previous message: DO NOT SPAM Me: "Re: The Stunning Failure of OpenBSD"
- In reply to: James Riden: "Re: Monitoring for breakins"
From: jtjm@xenoclast.org (Julian T. J. Midgley) Date: Thu, 18 Jul 2002 14:58:00 GMT
In article <8nnvg7dnm21.fsf@waldorf.dai.ed.ac.uk>,
James Riden <james.riden@ed.ac.uk> wrote:
>Thomas Gagné <tgagne@ameritech.net> writes:
>
>> Is there a FAQ that visits this concept?
>>
>> I've recently built a reverse proxy server that'll live inside a DMZ,
>> and now I need to monitor attempts to break-in.
>>
>> What's everyone else using?
>
>snort and tripwire are helpful. I think there's a program called
>swatch that will monitor logs as well.
>
Other programs worth looking at are integrit (a tripwire-like file
integrity checker that is somewhat easier to maintain than Tripwire
itself), and the various tools (portsentry, logcheck, etc.) available
from Psionic (http://www.psionic.com).
Integrit is available from:
http://integrit.sourceforge.net
Julian
-- 
Julian T. J. Midgley http://www.xenoclast.org/
Cambridge, England.
PGP Key ID: 0xBCC7863F