Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
This chapter showed you some of the tools used in intrusion detection. The goal was to provide you with some hands-on experience based on the concepts introduced in previous chapters. You learned about network sniffers, focusing specifically on TCPDump, and viewed some packets and attack types through the eyes of TCPDump. Other tools were introduced and discussed as well, including Snort, which provides an excellent intrusion detection system. Finally, the chapter discussed using ARPWatch to monitor for new and unexpected ARP entries on the network. The next chapter looks at filesystem integrity through the eyes of AIDE, a filesystem integrity checker.