Source: monitord.sourceforge.net - Posted by Chris Pallack
A lightweight (distributed?) network security monitor for TCP/IP+Ethernet LANs. It will capture certain network events and record them in a relational database. The recorded data will be available for analysis through a CGI based interface. The main purpose of this project . . .
The last in this four part series on IDS, looks at Logcheck: a software package that is designed to automatically run and check system log files for security violations and unusual activity. In the last three articles in this series, we . . .
SysAdmin Magazine has the contents of their recent Linux Intrusion Detection Poster available online. "No matter how security minded you are, no matter how many updates and patches you apply, there's always a chance that someone will crack one of your . . .
This August 2000 article describes honeypots, their legal aspects, and how to integrate them into your network. "According to the general definition, a honey pot's goal is to emulate production servers while alerting and logging intruder activity. How it should achieve . . .
IPtraf is a console-based network monitoring utility for Linux (the latest version, 2.3.1, is available for download). Written by Gerard Paul Riker, IPtraf tops my list of easy-to-use network analysis tools. IPtraf is distributed in a compressed tar format, and . . .
Source: InfoSecurity Magazine - Posted by Dave Wreski
Part three of our series on "Audits, Assessments & Tests (Oh, My)" explores penetration testing, the controversial practice of simulating real-world attacks by discovering and exploiting system vulnerabilities. We are routinely deluged with news reports detailing the exploits of attackers who . . .
To combat such attacks on routers, a new company called Arbor Networks Inc., funded by Cisco Systems Inc. (stock: CSCO) and Intel Corp. (stock: INTC), this week will launch a managed availability service that aims to detect, trace, and block DoS attacks. . . .
RazorBack is a log analysis program that interfaces with the SNORT open source Intrusion Detection System to provide real-time visual notification when an intrusion signature has been detected on the network. RazorBack is designed to work within the GNOME 1.2 . . .
Source: SANS / Toby Miller - Posted by Ryan W. Maple
Recently, there has been some discussion on various mailing lists about the Explicit Congestion Notification (ECN) proposed standard and QUESO/nmap scan detection. The debate has centered on the two reserved bits in the TCP header (bits 8 & 9) that . . .