[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IDS Systems
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: IDS Systems
- From: Toni Mueller <openbsd-misc_(_at_)_oeko_(_dot_)_net>
- Date: Thu, 5 Oct 2000 15:32:34 +0200
- Reply-to: openbsd-misc_(_at_)_oeko_(_dot_)_net
On Thu, Oct 05, 2000 at 12:51:00PM +0200, Jan Muenther wrote:
> with your host's files. Tripwire does this kind of stuff nicely,
> but it only comes as a binary, so I don't use it.
Tripwire once was a liberally distributed program, but now is
under strict commercial licensing in a similar way than is ssh.
> You could use stuff like Aide, or just build something with MD5
I don't know Aide, but in general I'd suggest using SHA1 because
MD5 is known to be breakable (and I don't think it's significantly
more expensive to do it right).
> detects attacks on a base of signature rules. The best thing
> I've found is snort (www.snort.org). It's excellent. Use it. ;o))
Hmm. If not sticking to open source packages, could someone please
comment on how snort stacks up against nfr?