[Snort-users] Intrusion S/W detection tools?

SWilcoxon at ...1386... SWilcoxon at ...1386...
Wed Mar 21 11:18:08 EST 2001

Allow me to clarify a little more.

What I was think is something that can be used after the fact for detection
for the poor soles that may not be running tripwire or similar products.

I'm just thinking of all the Linux users that didn't think they needed to do
something like that and aren't sure if they were compromised or not.

I agree that some detection can be done using RPM to see if a normal file
was installed. But other tools create their own executables. Those users
wouldn't know where to look to see if they were compromised.


More information about the Snort-users mailing list