Jonathan Wilson <[EMAIL PROTECTED]> wrote:
>>It's much better to monitor a counter in order to detect DOS attacks
>>or configuration errors and if there's concern about intrusion set up a
>>couple rules to trigger the alarm when its counter is activated
>>(outgoing connections, connection search for
>> My problem is what tool to use to evaluate the logs for attacks
>> (e.g. portscans) and notify me by mail?
>I know you probably wouldn't want to hear the question, but I'll put it
>to you: What for?
>It's much better to monitor a counter in order to detect DOS attacks
>or configuration errors
> My problem is what tool to use to evaluate the logs for attacks
> (e.g. portscans) and notify me by mail?
I know you probably wouldn't want to hear the question, but I'll put it
to you: What for?
I would utilize the logs for the goal of archival. Particular blocked attacks
or portscans occur