Security - Intrusion Detection

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

A little something I've been working on:

http://voidmain.is-a-geek.net/si/?i=cac ... acti/Snort

Been doing a little hacking on Cacti, Snortcon and a few other things and melting them into a security console, including writing some new stuff...

agent007
administrator
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm

Post by agent007 »

Cool! I like the detailed logs and stuff... Say, can I install the same on my stand-alone system? It connects to the net via a modem [dialup].

thanks.

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

Can you tcpdump your modem connection? I can't remember if you can put a ppp interface into promiscuous mode or not, like you can with an Ethernet interface. I think you can do it, but if you aren't connected 24 hours, or at least a good portion of the day, then you will not be able to obtain alert information for those periods (obviously).

agent007
administrator
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm

Post by agent007 »

Hi VoidMain,

Yes, I can tcpdump the PPP connection. In fact, I've been running Ethereal. Btw, I just wanted to go through the logs whenever the system is online...

ciao
