[87] in Intrusion Detection Systems
Re: Welcome to ids (Introduction)
daemon@ATHENA.MIT.EDU (Mr Martin J Hargreaves)
Thu Apr 20 13:36:40 1995
Date: Thu, 20 Apr 1995 14:36:58 +0100 (BST)
From: Mr Martin J Hargreaves <ch11mh@surrey.ac.uk>
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
>---- Joining Requests ----
>
>When joining the list I ask you to briefly introduce yourself, to give
>an outline of your interest in intrusion detection systems. Whether
>you are developing an intrusion detection system, or a system
>administrator or student who is currently investigating or developing
>a system. Additionally you might want to express some personal ideas
>that you have about what you think an intrusion detection system
>ideally, should be.
Hi,
I'm Martin Hargreaves, undergraduate at the University of Surrey,
UK - just finishing a degree in Computer Aided Chemistry. I'm also
Sysadmin for several of the department's machines (including the WWW
server www.chem.surrey.ac.uk ) and an SGI.
I'm interested in keeping the WWW server secure mainly (and Linux
security in general), when I have more time I may look at writing a Linux
based system in collaboration with some of the other folks on the
Linux-security list. It's currently running various programs used to scan
the WWW server and the rest of the department's network. As far as
intrusion detection goes I make do with a collection including:
TCP Wrappers
Stub daemons on about twenty sequential ports (if the ports are
scanned, then a big set of scand entries in the log is a giveaway...)
tcpdump
strobe
probe_tcp_ports
portscan and netscan (from TIS fwtk)
COPS
TIGER
SATAN
ISS (well the scan from all.net)
IMHO I don't think SATAN is an intrusion detection system
(although it is included on the list given when you subscribe) - more
like a potential IDS (for detecting potential intrusions).
Regards,
M.
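
The stub-daemon tripwire mentioned in the message above, sketched as an added example that is not part of the original post: it flags any source that touches several distinct stub ports within a short window. The log line format, the `stubd` tag, the port range 6000-6005 and the thresholds are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. The line format, the "stubd" tag and the port
# numbers are assumptions made for this example.
SAMPLE_LOG = """\
Apr 20 13:30:01 www stubd[6000]: connect from 192.0.2.10
Apr 20 13:30:02 www stubd[6001]: connect from 192.0.2.10
Apr 20 13:30:03 www stubd[6002]: connect from 192.0.2.10
Apr 20 13:30:04 www stubd[6003]: connect from 192.0.2.10
Apr 20 13:30:05 www stubd[6004]: connect from 192.0.2.10
Apr 20 13:30:06 www stubd[6005]: connect from 192.0.2.10
Apr 20 13:31:00 www stubd[6003]: connect from 198.51.100.7
Apr 20 13:31:30 www in.telnetd[412]: connect from 192.0.2.55
Apr 20 13:41:00 www stubd[6004]: connect from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ stubd\[(?P<port>\d+)\]: "
    r"connect from (?P<src>\S+)$")

def parse_hits(log, year=2000):
    """Yield (time, source, port) for stub-daemon lines; other lines are skipped.
    Syslog-style stamps carry no year; a fixed leap year keeps Feb 29 parseable."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], int(m["port"])

def find_scanners(log, min_ports=5, window=timedelta(seconds=60)):
    """Return {source: sorted ports} for sources that hit at least
    min_ports distinct stub ports inside one sliding time window."""
    hits = defaultdict(list)
    for ts, src, port in sorted(parse_hits(log)):
        hits[src].append((ts, port))
    flagged = {}
    for src, events in hits.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop hits older than the window
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                flagged.setdefault(src, set()).update(ports)
    return {src: sorted(p) for src, p in flagged.items()}

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: stub ports {ports}")
```

A single stray connection to one stub port does not trip the check; only a run across several ports from the same source within the window does.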