 From:  Jeffrey Goldberg <jeffrey at goldmark dot org>
 To:  Monowall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IDS or log watching utilities
 Date:  Wed, 6 Oct 2004 15:29:24 -0700
Hello,

I would like to know about what sorts of utilities exist for watching 
firewall logs as part of some sort of intrusion detection system.

My specific immediate need is rather small and I could roll my own, but 
surely others have already done a better job.

My specific immediate need is to watch for blocked LAN-side attempts to 
reach ports 137-139, 445, 25, etc.  That is, I want to know fairly 
quickly if there is something on my network that is trying to do nasty 
things.

Also, is there some set of rules that people recommend for being a 
"good network citizen"?  That is, what should I try to prevent from 
leaving my network?


-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/
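
A small log watcher for the need described in this message, added here as an example and not part of the original post. It assumes the firewall's blocked-packet entries arrive as ipmon-style syslog lines and that the LAN is 192.168.1.0/24; the sample lines, the subnet, the threshold and the function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet
WATCHED = {25, 137, 138, 139, 445}            # ports named in the message

# Assumed ipmon-style layout: iface @group:rule action src,sport -> dst,dport PR proto
LINE = re.compile(
    r"(?P<iface>\S+) @\d+:\d+ (?P<action>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+),(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+),(?P<dport>\d+) PR (?P<proto>\w+)"
)

# Constructed sample log lines (not taken from a real firewall).
SAMPLE = """\
Oct  6 15:29:23 fw ipmon[85]: 15:29:23.104511 sis0 @0:12 b 192.168.1.50,1031 -> 203.0.113.7,445 PR tcp len 20 48 -S IN
Oct  6 15:29:24 fw ipmon[85]: 15:29:24.220187 sis0 @0:12 b 192.168.1.50,1032 -> 203.0.113.9,445 PR tcp len 20 48 -S IN
Oct  6 15:29:25 fw ipmon[85]: 15:29:25.001002 sis0 @0:12 b 192.168.1.77,1040 -> 198.51.100.25,25 PR tcp len 20 48 -S IN
Oct  6 15:29:26 fw ipmon[85]: 15:29:26.500000 sis1 @0:3 b 198.51.100.99,4444 -> 192.0.2.1,445 PR tcp len 20 48 -S IN
Oct  6 15:29:27 fw ipmon[85]: 15:29:27.000000 sis0 @0:1 p 192.168.1.50,1050 -> 203.0.113.80,80 PR tcp len 20 48 -S IN
Oct  6 15:29:28 fw ipmon[85]: 15:29:28.750000 sis0 @0:12 b 192.168.1.50,137 -> 192.168.1.255,137 PR udp len 20 78 IN
""".splitlines()

def blocked_lan_attempts(lines):
    """Count blocked packets per LAN source host and watched destination port."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LINE.search(line)
        if not m or m["action"] != "b":        # keep only blocked packets
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:                      # malformed address in the log
            continue
        dport = int(m["dport"])
        if src in LAN and dport in WATCHED:    # LAN-side source, watched port
            hits[m["src"]][dport] += 1
    return {host: dict(ports) for host, ports in hits.items()}

def alerts(hits, threshold=2):
    """Hosts whose total blocked attempts reach the threshold."""
    return sorted(h for h, ports in hits.items() if sum(ports.values()) >= threshold)

if __name__ == "__main__":
    found = blocked_lan_attempts(SAMPLE)
    for host in alerts(found):
        print(f"ALERT {host}: {found[host]}")
```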