Re: Detecting break-ins

2002-01-16 Thread Javier Fernández-Sanguino Peña
On Wed, Jan 16, 2002 at 07:14:38AM -0800, Alvin Oga wrote: > > hi ya > > On Wed, 16 Jan 2002, Yotam Rubin wrote: > > > On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote: > > > Hi, > > > > > > Recently I've installed some IP logging daemons > > > (snort, ippl along with logcheck) and

Re: Detecting break-ins

2002-01-16 Thread Wichert Akkerman
Previously Noah L. Meyerhans wrote: > Provided you recognize IPPL's capabilities and limitation, it can be a > very useful tool. As always, it can be dangerous if misused. Biggest problem with it is that it seems to die on occasion, although I haven't seen that on unstable boxes recently. Wicher

Re: Detecting break-ins

2002-01-16 Thread Noah L. Meyerhans
On Wed, Jan 16, 2002 at 04:58:33PM +0200, Yotam Rubin wrote: > > Strangely, ippl is an extremely popular tool. Using ippl is inadvisable, it > provides a false sense of information. ippl is unversatile, the filter > language is too simple to allow complex operations. I tend to agree with your a

Re: Detecting break-ins

2002-01-16 Thread Alvin Oga
hi ya On Wed, 16 Jan 2002, Yotam Rubin wrote: > On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote: > > Hi, > > > > Recently I've installed some IP logging daemons > > (snort, ippl along with logcheck) and I was amazed you'd need (host/network) IDS's in addition to the above log chec

Re: Detecting break-ins

2002-01-16 Thread Yotam Rubin
On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote: > Hi, > > Recently I've installed some IP logging daemons > (snort, ippl along with logcheck) and I was amazed Strangely, ippl is an extremely popular tool. Using ippl is inadvisable, it provides a false sense of information. ippl is u

Re: Detecting break-ins

2002-01-15 Thread Alvin Oga
hi Balazs how much time and energy do you want to spend ??? - 1st pass.. - update your box regularly per Debian's security patches - read Debian's security howto http://www.debian.org/doc/manuals/securing-debian-howto - 2nd pass... - you're doing w/ snort/ippl/lo

Re: Detecting break-ins

2002-01-15 Thread Noah L. Meyerhans
On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote: > Then there are more exotic stuff. High port UDP attempts, > connection to port 113 etc. High port UDP stuff is often just traceroutes. 113 is normal, as many servers will attempt an auth lookup when you access them. > Now the logs p

Detecting break-ins

2002-01-15 Thread Balazs Javor
Hi, Recently I've installed some IP logging daemons (snort, ippl along with logcheck) and I was amazed how many break-in attempts there are each day on my simple home box which isn't even advertised anywhere, as I only run a few services intended for friends and family (apache, wu-ftpd, exim). I c
