Good, Free IDS anyone?

[loadc]

Mainly,

there is (depending on whose word you take) only one remote hole in the default install in the last six years. No other OS has under gone the line by line code audit that Open has, Theo D. and the others on the project do great work and have amazing results. If you want it free and you want it safe, OpenBSD is the answer. If you want to pay and you wan tit safe, STOP from WangFed is the answer, but I don't think those are sold to just anyone.
visit openbsd.org to get a better idea....



loadc

[dAggressor]

For network intrusion detection I would recommend snort www.snort.org but for host based intrusion detection tripwire is my recommendation. That should come loaded on your linux box but make sure that you take the time to configure it and run it. It will let you know what files have been added/modified/deleted since the database was created. This will come in helpful if you are successfully hacked and need to know what was done.

dAggressor

Oh yeah I almost forgot, I haven't set this one up yet, but am trying to do it in my spare (yeah right) time. The site is located at http://www.lids.org/ it seems to be pretty good, but like I said I haven't used it yet.

[loadc]

Well,

for host based, tripwire is a good start, but there are some safeguards I'd put in to make sure it's set, like a non-rewriteable media for the checksums, etc. Otherwise, for host based, I'd look at some of the Network police blotter articles in login; by Ranum. You can find his site at:
pubweb.nfr.com/~mjr, and follow the "conference speaker" link.


thanks,


loadc

[DeepSea007]

I know good scanner, and EXTREMELY fast !!!
Angry IP Scanner 2.05
Someone gave it to me so I'm not sure where to find it, I'll search it if you whish

[EaseZE]

Maybe portsentry would be a good choice for ids on a linux server.