[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IDS Systems


On Thu, Oct 05, 2000 at 12:51:00PM +0200, Jan Muenther wrote:
> with your host's files. Tripwire does this kind of stuff nicely,
> but it only comes as a binary, so I don't use it.

Tripwire once was a liberally distributed program, but now is
under strict commercial licensing in a similar way than is ssh.

> You could use stuff like Aide, or just build something with MD5

I don't know Aide, but in general I'd suggest using SHA1 because
MD5 is known to be breakable (and I don't think it's significantly
more expensive to do it right).

> detects attacks on a base of signature rules.  The best thing
> I've found is snort (www.snort.org). It's excellent. Use it. ;o))

Hmm. If not sticking to open source packages, could someone please
comment on how snort stacks up against nfr?

Best Regards,