
Re: Intrusion detection

From: Adam Getchell <AdamG(at)hrrm.ucdavis.edu>
Date: Wed Jan 22 2003 - 18:58:59 EST


I've found LaBrea (http://www.hackbusters.net) to be quite amusing.

Your results are guaranteed (no false positives), as you're tarpitting traffic that really shouldn't be there (i.e. connections to hosts that don't exist).

I'll e-mail you a URL privately if you want to see LaBrea in action. Since I'm in an educational institution, my tarpit is quite busy and the report file is rather large (e.g. my little class C gets ~7 million port 80 scans per day).


  • Adam Getchell AdamG@hrrm.ucdavis.edu
  • System Architect/Programmer (530) 752-1584
  • Human Resources Information Systems http://www.hr.ucdavis.edu/
    "Invincibility is in oneself, vulnerability in the opponent." -- Sun Tzu

-----Original Message-----
From: Bryan Irvine [mailto:bryan.irvine@kingcountyjournal.com]
Sent: Wednesday, January 22, 2003 9:38 AM
To: misc@openbsd.org
Subject: Intrusion detection

I'm curious what you guys are using for intrusion detection?

I've looked a little bit at things such as snort and prelude. Or is there a syntax for PF? What are your recommendations? Which one is easiest to configure or more accurate?

--Bryan

Received on Thu Jan 23 12:57:43 2003
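The reply's point that traffic to hosts that don't exist cannot be a false positive can be shown from the detection side. This is an added example, not part of the thread and not LaBrea's code; it only counts such connections and does not tarpit them. The network, the live-host list and the log format are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import Counter

# Assumed example network and the addresses that actually have hosts on them.
NETWORK = ipaddress.ip_network("192.0.2.0/24")
LIVE_HOSTS = {ipaddress.ip_address(a)
              for a in ("192.0.2.10", "192.0.2.25", "192.0.2.80")}

# Constructed sample records: "timestamp src_ip dst_ip dst_port"
SAMPLE_LOG = """\
2003-01-22T09:00:01 198.51.100.7 192.0.2.80 80
2003-01-22T09:00:02 203.0.113.44 192.0.2.13 80
2003-01-22T09:00:02 203.0.113.44 192.0.2.14 80
2003-01-22T09:00:03 203.0.113.44 192.0.2.80 80
2003-01-22T09:00:05 198.51.100.99 192.0.2.200 22
not a record
2003-01-22T09:00:06 198.51.100.7 10.1.1.1 80
"""

def dark_hits(log_text, network=NETWORK, live=LIVE_HOSTS):
    """Yield (src, dst, port) for records aimed at in-network addresses with no host."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing
        try:
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
            port = int(parts[3])
        except ValueError:
            continue
        # Traffic to a live host is never flagged, whatever the source does.
        if dst in network and dst not in live:
            yield src, dst, port

def summarize(log_text):
    """Count connections to unused addresses per source and per destination port."""
    by_src, by_port = Counter(), Counter()
    for src, _dst, port in dark_hits(log_text):
        by_src[str(src)] += 1
        by_port[port] += 1
    return by_src, by_port

if __name__ == "__main__":
    by_src, by_port = summarize(SAMPLE_LOG)
    for src, n in by_src.most_common():
        print(f"{src}\t{n} connection(s) to unused addresses")
    print("ports:", dict(by_port))
```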

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:32:34 EDT
