All,
Thanks for the great response to this thread. I knew (at the time I
posted) such a tactic (if not properly implemented/configured) could lead
to a denial of service attack, but I appreciate those who took the time
to point that out for everyone.
--
Phillip Hofmeister
PGP/GPG Key:
http://www
On Tue, Jul 01, 2003 at 04:42:05PM +0200, Lucio wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
(..)
> Project Descriptive Name: Astu mdids
>
> Project UNIX Name: astu
>
> Project Description: Multiplatform distributed intrusion detection system
You are aware, of course, that you are
On Tue, 01 Jul 2003 at 15:13:00 -0400, Matt Zimmerman wrote:
> On Tue, Jul 01, 2003 at 05:57:27PM +0200, Tomasz Papszun wrote:
>
> > On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote:
> > > Not really a good idea. Consider what happens when someone forges the IP
> > > addresses.
> >
>
On Tue, Jul 01, 2003 at 06:39:51PM +0200, Thomas Ritter wrote:
> If you want to start your own project, you'll have to guarantee _you_ can
> always login. Also, with dynamic IPs those rules should be outdated after
> some time.
That's one of the key issues. Many attacks come from dial up
blocks
On Tue, Jul 01, 2003 at 05:57:27PM +0200, Tomasz Papszun wrote:
> On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote:
> > Not really a good idea. Consider what happens when someone forges the IP
> > addresses.
>
> One can predefine trusted or other very important IP addresses which
> ca
At 22:39 on Jun 30, Matt Zimmerman shook the earth with:
> On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
>
> > Are there any projects out there to do this right now. If not, is this
> > a good idea? If it is who would be a person/group that would be
> > qualified and have
> A daemon sits running in the background listening to a special device
> Are there any projects out there to do this right now. If not, is this
> a good idea? If it is who would be a person/group that would be
> qualified and have the time/interest to develop it.
Abacus Portsentry binds itself
Look at snort 2.0.0 [1]
It's an Intrusion Detection System. There's a preprocessor for Snort called
'Guardian'[2] to do things like you want. But read the other answers in this
thread carefully!
Thomas Bechtold
[1] http://snort.org
[2] http://www.chaotic.org/guardian/
On Tuesday 01 July 2003 00:
On Tuesday, 1 July 2003 04:39, Matt Zimmerman wrote:
> On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
> > A daemon sits running in the background listening to a special device
> > (/dev) or an IPC which would originate from syslog-ng. This daemon
> > would then parse the
On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote:
> On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
>
> > A daemon sits running in the background listening to a special device
> > (/dev) or an IPC which would originate from syslog-ng. This daemon
> > would then pars
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Volker Tanger said:
> ...which is the official license to shoot yourself into the foot. What
> happens if I send you a forged, suspicious packet with source-IP equal
> to the IP address of your gateway router, your DNS server, your internal
> system(s
On Tue, Jul 01, 2003 at 10:22:33AM +0200, Volker Tanger wrote:
> ...which is the official license to shoot yourself into the foot. What
> happens if I send you a forged, suspicious packet with source-IP equal
> to the IP address of your gateway router, your DNS server, your internal
> system(s), ..
Check out psad, which is similar to what you want (and I use it)...
You can see psad at http://www.cipherdyne.com/psad/, which is somehow related to
Bastille Linux http://www.bastille-linux.org/. Or just apt-get install psad.
--jordan
On Mon, Jun 30, 2003 at 06:38:33PM -0400, Philli
On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
> A daemon sits running in the background listening to a special device
> (/dev) or an IPC which would originate from syslog-ng. This daemon
> would then parse the log and look for suspicious things. If it found
> something suspi
Hi,
There is an Intrusion Detection System (IDS) named Snort (http://www.snort.org)
There you can log to syslog, database, tcpdump-file,...
And there are some preprocessors which can block 'bad' traffic.
Snort can do much more. Read the FAQ
http://www.snort.org/docs/FAQ.txt
Thomas Bechtold
On Tue
On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
> A daemon sits running in the background listening to a special device
> (/dev) or an IPC which would originate from syslog-ng. This daemon
> would then parse the log and look for suspicious things. If it found
> something susp
Greetings!
On Mon, 30 Jun 2003 18:38:33 -0400 Phillip Hofmeister
<[EMAIL PROTECTED]> wrote:
> This daemon
> would then parse the log and look for suspicious things. If it found
> something suspicious it would use regular expression to grab out
> pertinent parts of the log (say the IP address) an
Greets all,
A previous post spawned an idea of mine. I am not sure if there is a
project available for this or not. Here we go:
A daemon sits running in the background listening to a special device
(/dev) or an IPC which would originate from syslog-ng. This daemon
would then parse the log and
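The log-parsing blocker sketched in this post, written out as an added example (not code from the thread or from any project it mentions), with the two safeguards the replies above insist on: a trusted-network list so that a forged source address naming the gateway or DNS server can never get those hosts blocked, and an expiry on every block so a dial-up address that changes hands is released again. The log lines, addresses and networks are constructed samples.

```python
import re
import ipaddress
# Constructed sample syslog lines (not from the thread). 192.0.2.1 stands in for the
# site's own gateway, an address an attacker could forge as the source of a packet.
SAMPLE_LOG = [
    "Jun 30 18:40:01 host sshd[1234]: Failed password for root from 203.0.113.45 port 51234 ssh2",
    "Jun 30 18:40:02 host sshd[1235]: Failed password for root from 203.0.113.45 port 51235 ssh2",
    "Jun 30 18:40:04 host kernel: DROP IN=eth0 OUT= SRC=192.0.2.1 DST=192.0.2.10 PROTO=TCP DPT=23",
    "Jun 30 18:40:05 host kernel: DROP IN=eth0 OUT= SRC=192.0.2.1 DST=192.0.2.10 PROTO=TCP DPT=25",
    "Jun 30 18:40:07 host sshd[1237]: Failed password for root from 198.51.100.7 port 4000 ssh2",
]
# Regex that grabs the offending source address out of either log format.
SUSPICIOUS = re.compile(r"(?:Failed password .*? from |DROP IN=\S+ .*?SRC=)(\d{1,3}(?:\.\d{1,3}){3})")

class ReactiveBlocker:
    def __init__(self, trusted, threshold=2, block_seconds=3600):
        self.trusted = [ipaddress.ip_network(n) for n in trusted]
        self.threshold = threshold          # events before a source is blocked
        self.block_seconds = block_seconds  # blocks always lapse: addresses get reassigned
        self.hits = {}                      # ip -> suspicious events seen
        self.blocked = {}                   # ip -> unix time at which the block lapses

    def feed(self, line, now):
        """Handle one log line at time `now`; return the IP if a new block was added."""
        m = SUSPICIOUS.search(line)
        if not m:
            return None
        ip = m.group(1)
        # A spoofed packet can carry any source; never act against hosts we depend on.
        if any(ipaddress.ip_address(ip) in net for net in self.trusted):
            return None
        self.hits[ip] = self.hits.get(ip, 0) + 1
        if self.hits[ip] >= self.threshold and ip not in self.blocked:
            self.blocked[ip] = now + self.block_seconds
            return ip
        return None

    def expire(self, now):
        """Remove blocks whose time is up and return them (the caller frees them in the firewall)."""
        lapsed = [ip for ip, until in self.blocked.items() if until <= now]
        for ip in lapsed:
            del self.blocked[ip]
            self.hits.pop(ip, None)
        return lapsed

def run(lines, trusted=("192.0.2.0/24", "10.0.0.0/8"), start=0):
    # Feed each line on a one-second clock; return the blocker and the blocks it added.
    blocker = ReactiveBlocker(trusted)
    added = [ip for i, line in enumerate(lines) if (ip := blocker.feed(line, start + i))]
    return blocker, added
```

Only the repeat offender 203.0.113.45 gets blocked; the two forged gateway lines are counted by nothing, and the block lapses once `expire()` is called with a time past its expiry.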