If it's a single machine, then I'd suggest Snort.

But as I followed the thread, you don't seem to have ever worked with either Snort or Prelude. This is bad: Gentoo's preconfigured scripts suck, and to get something out of it you will have to reconfigure a couple of things. I have set up Snort on several distros, but they usually had one thing in common: a bad start configuration.

I have written some additional scripts that add better Snort support for dialup users, and I have added support for automatic blocking through iptables in case Snort detects critical attacks.

The thing is, as someone mentioned earlier, if you don't have a lot of knowledge of real attacks, network setup etc., and if you are not experienced with an IDS, all you will get is a load of information that you don't know how to interpret.