Re: intrusion detection

2008-10-29 Thread Johannes Wiedersich
On 2008-10-29 17:16, David Bernier wrote: > I got an email today from a list that I never subscribed to. The message > body and headers were > refused by Debian Users list because of some Javascript. The end part > appears below... [snip quotation of spam mail] This is a phenomenon called spam [1

Re: intrusion detection

2008-10-29 Thread Jeff Soules
> David Bernier wrote: >> > > I got an email today from a list that I never subscribed to. The message > body and headers were > refused by Debian Users list because of some Javascript. The end part > appears below... Sounds like run-of-the-mill spam. To run a secure system, it's important to be

RE: intrusion detection

2008-10-29 Thread Juan Carlos Avila
> -Original Message- > From: Osamu Aoki [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 29, 2008 08:53 a.m. > To: David Bernier > CC: debian-user@lists.debian.org > Subject: Re: intrusion detection > > Hi, > > On Tue, Oct 28, 2008 at 0

Re: intrusion detection

2008-10-29 Thread David Bernier
David Bernier wrote: Osamu Aoki wrote: Hi, On Tue, Oct 28, 2008 at 09:55:32PM +0630, David Bernier wrote: Dear Debian users, I think my computer was hacked. A music CD that I bought in a store (Redbook audio standard) was left in the CD/DVD bay. Then, mysteriously, a song by Destiny's Child

Re: intrusion detection

2008-10-29 Thread Adrian Chapela
Celejar wrote: On Wed, 29 Oct 2008 22:00:30 +0630 David Bernier <[EMAIL PROTECTED]> wrote: ... The Gnome system monitor now shows incoming traffic at 4 kB/sec every 20 seconds. Maybe this is when my computer contacts an SNTP server ( simple network time protocol). Would a package

Re: intrusion detection

2008-10-29 Thread Celejar
On Wed, 29 Oct 2008 22:00:30 +0630 David Bernier <[EMAIL PROTECTED]> wrote: ... > The Gnome system monitor now shows incoming traffic at 4 kB/sec every 20 > seconds. Maybe > this is when my computer contacts an SNTP server ( simple network time > protocol). > > Would a package such as etherea

Re: intrusion detection

2008-10-29 Thread Eduardo M KALINOWSKI
David Bernier wrote: > Would a package such as ethereal tell me what this traffic is? > Yes (and all other traffic happening in the machine). There's also the netstat command, but if the connection is opened and closed quickly it may be hard to catch it. -- Eduardo M Kalinowski [EMAIL PRO

Re: intrusion detection

2008-10-29 Thread David Bernier
Osamu Aoki wrote: Hi, On Tue, Oct 28, 2008 at 09:55:32PM +0630, David Bernier wrote: Dear Debian users, I think my computer was hacked. A music CD that I bought in a store (Redbook audio standard) was left in the CD/DVD bay. Then, mysteriously, a song by Destiny's Child ("Jumpin' Jumpi

Re: intrusion detection

2008-10-29 Thread Osamu Aoki
Hi, On Tue, Oct 28, 2008 at 09:55:32PM +0630, David Bernier wrote: > Dear Debian users, > > I think my computer was hacked. A music CD that I bought in a store > (Redbook audio > standard) was left in the CD/DVD bay. Then, mysteriously, a song > by Destiny's Child ("Jumpin' Jumpin' ") got tran

Re: intrusion detection

2008-10-29 Thread David Bernier
Douglas A. Tutty wrote: On Tue, Oct 28, 2008 at 03:37:05PM +, Sam Kuper wrote: 2008/10/28 David Bernier <[EMAIL PROTECTED]> I'd like to know about ideas for security, including for example intrusion-detection systems. I recently read Linux Firewalls

Re: intrusion detection

2008-10-28 Thread Douglas A. Tutty
On Tue, Oct 28, 2008 at 03:37:05PM +, Sam Kuper wrote: > 2008/10/28 David Bernier <[EMAIL PROTECTED]> > > > > I'd like to know about ideas for security, including for example > > intrusion-detection systems. > > > > I recently read Linux Firewalls , >

Re: intrusion detection

2008-10-28 Thread Julian De Marchi
> In the host-based category, I'm aware of two -- there's the > samhain/yule/beltane family, which are really one intrusion > detection apparatus. Samhain is the daemon that runs on the > clients being monitored, yule is the server that maintains

Re: intrusion detection

2008-10-28 Thread David Bernier
Andrew Reid wrote: On Tuesday 28 October 2008 11:25, David Bernier wrote: Dear Debian users, Now, I'm using Ubuntu and the firestarter firewall. I'd like to know about ideas for security, including for example intrusion-detection systems. There are (at least) two kinds of these, t

Re: intrusion detection

2008-10-28 Thread Andrew Reid
On Tuesday 28 October 2008 11:25, David Bernier wrote: > Dear Debian users, > > Now, I'm using Ubuntu and the firestarter firewall. > > I'd like to know about ideas for security, including for example > intrusion-detection systems. There are (at least) two kinds of these, the "network based" in

Re: intrusion detection

2008-10-28 Thread en0f
David Bernier wrote: [ .. ] I'd like to know about ideas for security, including for example intrusion-detection systems. Usually a properly configured iptables should do but if you want maybe extra protection I guess you should start with snort. -- en0f

Re: intrusion detection

2008-10-28 Thread Sam Kuper
2008/10/28 David Bernier <[EMAIL PROTECTED]> > > I'd like to know about ideas for security, including for example > intrusion-detection systems. > I recently read Linux Firewalls , and can recommend it. I'm sure there are lots of other good books on the t

Re: intrusion detection / logfile reporter

2001-11-10 Thread Timo Boewing
Original Message Subject: Re: intrusion detection / logfile reporter Date: Sat, 10 Nov 2001 00:24:34 -0800 (PST) From: Alvin Oga <[EMAIL PROTECTED]> To: "Timo Boewing" <[EMAIL PROTECTED]> CC: "Debian User (en)" hi timo i like to ask mor

Re: intrusion detection / logfile reporter

2001-11-10 Thread Alvin Oga
hi timo i like to ask more detailed stuff... here's some simpler answers... - as others have said, download and install logcheck or equivalent -- Debian security howto http://www.debian.org/doc/manuals/securing-debian-howto/ -- patch your kernel - add libsafe, ow1, etc

Re: intrusion detection / logfile reporter

2001-11-09 Thread Gary Hennigan
"Timo Boewing" <[EMAIL PROTECTED]> writes: > Stephen E. Hargrove wrote: > > > http://www.psionic.com/ has some good stuff - logcheck, portsentry > > and > > > hostsentry. > > > > > Hello Stephen, > > Hey, that was *exactly* what i was looking for. When i have time, i > will try these packages

Re: intrusion detection / logfile reporter

2001-11-09 Thread Stephen Gran
Thus spake Timo Boewing: > > Hello all, > > I have some questions regarding system security. Besides of doing > filtering with IP tables, disabling inet.d services like telnet, r-tools > etc. and setting some general denials in /etc/hosts.deny (plus some > other stuff like changing default po

Re: intrusion detection / logfile reporter

2001-11-09 Thread Timo Boewing
Stephen E. Hargrove wrote: http://www.psionic.com/ has some good stuff - logcheck, portsentry and hostsentry. Hello Stephen, Hey, that was *exactly* what i was looking for. When i have time, i will try these packages. When i am done, i will let the list know about my experiences; if anyon

Re: intrusion detection / logfile reporter

2001-11-09 Thread Stephen E. Hargrove
* Timo Boewing ([EMAIL PROTECTED]) spake thusly: > > Especially, I am looking for a not-too-paranoid-to-setup-tool that can > review my logfiles and report me via beep and/or local mail that it > found something unusual in a log. Does anyone know of such a tool? http://www.psionic.com/ has som