Re: Detecting break-ins

2002-01-16 Thread Yotam Rubin
On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote: Hi, Recently I've installed some IP logging daemons (snort, ippl along with logcheck) and I was amazed Strangely, ippl is an extremely popular tool. Using ippl is inadvisable, it provides a false sense of information. ippl is

Re: Detecting break-ins

2002-01-16 Thread Alvin Oga
hi ya On Wed, 16 Jan 2002, Yotam Rubin wrote: On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote: Hi, Recently I've installed some IP logging daemons (snort, ippl along with logcheck) and I was amazed you'd need (host/network) IDS's in addition to the above log checkers

Re: Detecting break-ins

2002-01-16 Thread Noah L. Meyerhans
On Wed, Jan 16, 2002 at 04:58:33PM +0200, Yotam Rubin wrote: Strangely, ippl is an extremely popular tool. Using ippl is inadvisable, it provides a false sense of information. ippl is unversatile, the filter language is too simple to allow complex operations. I tend to agree with your

Re: Detecting break-ins

2002-01-16 Thread Wichert Akkerman
Previously Noah L. Meyerhans wrote: Provided you recognize IPPL's capabilities and limitation, it can be a very useful tool. As always, it can be dangerous if misused. Biggest problem with it is that it seems to die on occasion, although I haven't seen that on unstable boxes recently.

Re: Detecting break-ins

2002-01-16 Thread Javier Fernández-Sanguino Peña
On Wed, Jan 16, 2002 at 07:14:38AM -0800, Alvin Oga wrote: hi ya On Wed, 16 Jan 2002, Yotam Rubin wrote: On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote: Hi, Recently I've installed some IP logging daemons (snort, ippl along with logcheck) and I was amazed

Detecting break-ins

2002-01-15 Thread Balazs Javor
Hi, Recently I've installed some IP logging daemons (snort, ippl along with logcheck) and I was amazed how many break-in attempts there are each day on my simple home box which isn't even advertised anywhere, as I only run a few services intended for friends and family (apache, wu-ftpd, exim). I

Re: Detecting break-ins

2002-01-15 Thread Noah L. Meyerhans
On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote: Then there are more exotic stuff. High port UDP attempts, connection to port 113 etc. High port UDP stuff is often just traceroutes. 113 is normal, as many servers will attempt an auth lookup when you access them. Now the logs

Re: Detecting break-ins

2002-01-15 Thread Alvin Oga
hi balaz how much time and energy do you want to spend ??? - 1st pass.. - update your box regularly per Debian's security patches - read Debian's security howto http://www.debian.org/doc/manuals/securing-debian-howto - 2nd pass... - you're doing w/
