Talkback for article: 274, January2003
Intrusion detection with Debian GNU/Linux
From: Herge
[ date: 2003-01-06 ]
neped is a very old tool wich only works with Linux kernels before 2.0.36 (4 years old). Antisniff should work better, but there is no magic bullet for remotely finding promiscuous systems.
From: Herge
[ date: 2003-01-07 ]
Also note that portsentry is non-free software. Ippl should be used instead.
And ifconfig will NOT show an interface in promiscuous mode if the program putting the interface
in promiscuous mode is using libpcap.
From: Alex Wallace
[ date: 2003-01-28 ]
Excelent article! And debian certainly is the best distrio IMHO.
From: Rémi Letot
[ date: 2003-01-28 ]
tripwire being nonfree, it can be replaced by aide.
From: Ilya
[ date: 2003-02-03 ]
> tripwire being nonfree, it can be replaced by aide.
Debian Woody also comes with Integrit, which replaces Tripwire
From: eric draven
[ date: 2004-03-24 ]
nicely written. there are some gotchas, though:
in the tripwire section, you wrote :
tripwire -m i 2
this doesn't work at all; or, is this intentional?
From: larry <larry(at)linuxstore.se>
[ date: 2005-05-16 ]
Thanks for well written info and good talkback; wonder how much of it now (5/2005) is outdated? Tips on how/where to update info is much appreciated.
7 talkbacks
in English
Other talkbacks: Francais
Due to the increased amount of web spam we have deciced to
removed the talkback posting possibility. You can read old talkbacks
but you can no longer post new ones.
Please contact webmaster(at)linuxfocus.org if you have any questions with regards to this talkback
lftalkback version 3.10