On Mon, 4 Feb 2002 Raymond Norton wrote:

> Message: 10
> From: "Raymond Norton" <ray at lctn.k12.mn.us>
> To: <tclug-list at mn-linux.org>
> Date: Mon, 4 Feb 2002 14:52:55 -0600
> Reply-To: tclug-list at mn-linux.org
>
> A while back someone posted a link to a nice intrusion detector program. It
> had a web interface which displayed attempts, types of attacks, and
> specifically had a screen shot showing nimda attacks. Anyone know where I
> can find it?

Among IDS software packages, many people seem to prefer snort:

http://www.snort.org/

If you store the snort output in a database, ACID can generate nice
reports for you (better not to run httpd or other services on IDS
machine, though):

http://acidlab.sourceforge.net/

Snortsnarf is another tool for analyzing snort output:

http://www.silicondefense.com/software/snortsnarf/

Other links of potential interest:

http://www.prelude-ids.org/
http://www.tripwire.org/
http://www.lids.org/
http://www.psionic.com/
http://www.freshmeat.net/projects/swatch/
http://www.bastille-linux.org/
http://www.cisecurity.org/bench.html
http://www.nessus.org/
http://www.iss.net/
http://www.webtrends.com/
http://www.net.tamu.edu/network/tools/tiger.html
http://www.intersectalliance.com/projects/Snare/index.html
http://www.resentment.org/projects/viperdb/
http://www.chkrootkit.org/
http://www.immunix.org/
http://www.securityfocus.com/
http://www.sans.org/
http://www.linuxsecurity.org/

(Note that I do not presently consider myself a security expert - most
of the above links were gleaned from security related conference
sessions at the recent LWCE - http://www.linuxworldexpo.com/)

Joel