[Snort-users] Intrusion S/W detection tools?

Daniel Cuthbert dcuthbert at ...1623...
Wed Mar 21 11:02:53 EST 2001


Hiya

Well, there are a few things. Ideally, having something like Tripwire
running would be your best bet, but to do an analysis after an attack,
have a look at The Coroner's Toolkit (www.fish.com/tct),
and then to check for known r00tkits:

http://checkps.alcom.co.uk
http://www.chkrootkit.org


Hope that helps

Dan

On Wed, 21 Mar 2001 SWilcoxon at ...1386... wrote:

> A little off the subject, but I feel it's related to IDS in general so this
> could be a helpful group.
>
> Are there any Open or Closed source tools for detecting that intruders have
> installed compromised tools, backdoors, etc on a Linux system? I know that
> many Virus Scanners can do this for files that are considered in that
> category by the developers, but do they really cover the other tools a
> Hacker may install on a System?
>
> No, I'm not trying to sanitize a system. I was just thinking that would be a
> good tool for people who may not have taken the proper safeguards for
> detecting binaries changing or files being added.
>
> S.W.
> swilcoxon at ...1386...
>




