Intrusion Detection Systems mailing list archives

Re: snooping on RH?

From: carric () com2usa com (Carric Dooley)
Date: Fri, 1 Oct 1999 10:17:17 -0400 (EDT)



You might also try "hunt".

On Thu, 30 Sep 1999, Nathan Bates wrote:

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
---------------------------------------------------------------------------
---

`snoop` is the last one I remember tinkering with for Linux.  It required
a kernel mod and worked rather well.

      Regards,
      Nathan

/* UNIX is user friendly. It's just selective about who its friends are. */

On Wed, 29 Sep 1999, Security Team wrote:

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
---------------------------------------------------------------------------
---
Does anyone know of any ports of ttywatcher for linux (specifically redhat)?

I've been looking for something good to monitor potential problem-users for
a while, Any suggestions?

Thanks,
Kris W.

Current thread:

Re: snooping on RH? Nathan Bates (Sep 30)
- Re: snooping on RH? Carric Dooley (Oct 01)
- <Possible follow-ups>
- Re: snooping on RH? CyberPsychotic (Oct 07)
  - Re: snooping on RH? hawk (Oct 07)
  - Timestamps on RealSecure Bill Fox (Oct 07)