On Wednesday 22 January 2003 03:35 pm, Bryan Irvine wrote: > Does pf have a syntax for intrusion detection? > > Id not what do you guys recommend? Nessus? Snort? Prelude? > > --Bryan
I would recommend you look at using nessus to scan your network for vulnerabilites and patch/reconfig your services/servers accordingly. It is an excellent tool. If you want to talk about detecting actual intrusions and/or attempts, then you're looking at two basic approaches; host based and network based. Host based utilize tools such as tripwire, lids (if you're on linux platform), etc. From your post I'll assume you're primarily interested in network, in which case I'd suggest you head on over to snort.org. there is much excellent material available. -- Regards, Ken Gunderson
