Tripwire is also an excellent companion to IPFilter. Here is a link to a good document on how to set up IPFilter and Tripwire together.
http://www.schlacter.net/public/FreeBSD-STABLE_and_IPFILTER.html

Pete Scudamore
SCSA, CCNP, CCDP, MCSE

> On Sun, Aug 31, 2003 at 02:08:45PM -0400, Eben wrote:
>> I would like to have Big Brother alert when a port scan is attempted
>> against an ipfilter firewall.
>> I see at least two ways that it could be accomplished:
>> 1. A custom Big Brother module looks at the ipfilter logs and alerts
>> on a port scan.
>> 2. Another application creates individual report files from the
>> ipfilter logs representing each port scan, Big Brother would then
>> alert on the existence of a new one.
>> Has anyone implemented a working solution?
>> My requirements are that I must use both Big Brother and ipfilter.
>> Thanks.
>
> You should probably look at PortSentry
> ( http://packetstormsecurity.nl/UNIX/IDS/portsentry-1.1.tar.gz ).
>
> And then do some scripting :)
>
> --
> Kind regards
> Flemming Laugaard
> ------------------------------------
> Reality Bites... and doesn't let go.
> -- Unknown --
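
A sketch of option 1 from the quoted question, added here as an example and not code from anyone in this thread: it counts distinct blocked destination ports per source in ipmon log lines and builds a Big Brother status message. The log lines are constructed, and the ipmon field layout, the "portscan" test name, the threshold and the status line layout are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed ipmon syslog lines; the field layout is an assumption of this example.
SAMPLE_LOG = """\
Aug 31 14:08:41 fw ipmon[212]: 14:08:41.000000 fxp0 @0:12 b 192.0.2.77,40112 -> 198.51.100.10,21 PR tcp len 20 60 -S IN
Aug 31 14:08:41 fw ipmon[212]: 14:08:41.100000 fxp0 @0:12 b 192.0.2.77,40113 -> 198.51.100.10,22 PR tcp len 20 60 -S IN
Aug 31 14:08:41 fw ipmon[212]: 14:08:41.200000 fxp0 @0:12 b 192.0.2.77,40114 -> 198.51.100.10,23 PR tcp len 20 60 -S IN
Aug 31 14:08:42 fw ipmon[212]: 14:08:42.000000 fxp0 @0:12 b 192.0.2.77,40115 -> 198.51.100.10,25 PR tcp len 20 60 -S IN
Aug 31 14:08:42 fw ipmon[212]: 14:08:42.100000 fxp0 @0:12 b 192.0.2.77,40116 -> 198.51.100.10,80 PR tcp len 20 60 -S IN
Aug 31 14:08:42 fw ipmon[212]: 14:08:42.200000 fxp0 @0:12 b 192.0.2.77,40117 -> 198.51.100.10,110 PR tcp len 20 60 -S IN
Aug 31 14:08:43 fw ipmon[212]: 14:08:43.000000 fxp0 @0:3 p 203.0.113.5,51000 -> 198.51.100.10,80 PR tcp len 20 60 -S IN
Aug 31 14:08:44 fw ipmon[212]: 14:08:44.000000 fxp0 @0:12 b 203.0.113.9,33000 -> 198.51.100.10,22 PR tcp len 20 60 -S IN
Aug 31 14:08:45 fw ipmon[212]: 14:08:45.000000 fxp0 @0:12 b 203.0.113.9,33001 -> 198.51.100.10,22 PR tcp len 20 60 -S IN
"""

LINE_RE = re.compile(
    r"@\d+:\d+\s+(?P<action>\S+)\s+"
    r"(?P<src>[\d.]+),\d+\s+->\s+"
    r"(?P<dst>[\d.]+),(?P<dport>\d+)\s+PR\s+(?:tcp|udp)\b"
)

def find_scanners(log_text, threshold=5):
    """Return {source_ip: sorted distinct blocked ports} for sources that hit
    at least `threshold` distinct ports on one target. The whole input is
    treated as one time window (e.g. the lines since the last poll)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("action") == "b":  # "b" = packet blocked by a rule
            seen[(m.group("src"), m.group("dst"))].add(int(m.group("dport")))
    hits = defaultdict(set)
    for (src, _dst), ports in seen.items():
        if len(ports) >= threshold:
            hits[src] |= ports
    return {src: sorted(ports) for src, ports in hits.items()}

def bb_status(host, scanners, when):
    """Build the status text to hand to the Big Brother client (assumed layout)."""
    color = "red" if scanners else "green"
    detail = [f"{src} probed blocked ports {p}" for src, p in sorted(scanners.items())]
    return "\n".join([f"status {host}.portscan {color} {when}"] + (detail or ["no port scans seen"]))

if __name__ == "__main__":
    print(bb_status("fw", find_scanners(SAMPLE_LOG), "Sun Aug 31 14:09:00 2003"))
```

Repeated hits on a single port (the 203.0.113.9 lines) and passed traffic do not count toward the threshold, which keeps ordinary retries from turning the column red.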
