Talkback for article: 274, January2003

Intrusion detection with Debian GNU/Linux

Back to:

From: Herge [ date: 2003-01-06 ]
neped is a very old tool wich only works with Linux kernels before 2.0.36 (4 years old). Antisniff should work better, but there is no magic bullet for remotely finding promiscuous systems.
From: Herge [ date: 2003-01-07 ]
Also note that portsentry is non-free software. Ippl should be used instead.
And ifconfig will NOT show an interface in promiscuous mode if the program putting the interface
in promiscuous mode is using libpcap.
From: Alex Wallace [ date: 2003-01-28 ]
Excelent article! And debian certainly is the best distrio IMHO.
From: Rémi Letot [ date: 2003-01-28 ]
tripwire being nonfree, it can be replaced by aide.
From: Ilya [ date: 2003-02-03 ]
> tripwire being nonfree, it can be replaced by aide.

Debian Woody also comes with Integrit, which replaces Tripwire
From: eric draven [ date: 2004-03-24 ]
nicely written. there are some gotchas, though:

in the tripwire section, you wrote :

tripwire -m i 2

this doesn't work at all; or, is this intentional?
From: larry <larry(at)> [ date: 2005-05-16 ]
Thanks for well written info and good talkback; wonder how much of it now (5/2005) is outdated? Tips on how/where to update info is much appreciated.

7 talkbacks in English
Other talkbacks:   Francais

Due to the increased amount of web spam we have deciced to removed the talkback posting possibility. You can read old talkbacks but you can no longer post new ones.

Back to

Please contact webmaster(at) if you have any questions with regards to this talkback

lftalkback version 3.10