From: Luis Pinto (lmpintofsck.dei.uc.pt)
Date: Mon Mar 18 2002 - 10:45:52 CST

    On Sun, 17 Mar 2002 Matthew.Brownpredictive.com wrote:

    > Folks
    >
    > I'd like to create a list of resources to respond to future
    > inquiries on this list. I will maintain this list to keep from adding to
    > the moderator's existing workload. I suggest listing tools and services
    > in the following areas. I've added a few to get us started below my
    > signature block.
    >

            Great idea!

    >
    >
    > Sandbox tools (To Trap):
    > snort
    > trafshow
    > ethereal
    > tcpdump
    > nmap

            I would add here iptraf, and delete snort...

    > IDS (To Detect): (These are the tools that create evidence we end up
    > examining during incidents after all)
    > Cisco Host Based
    > VigilEnt Security Agents
    > Dragon
    > Network Flight Recorder
    > snort
    > RealSecure
    > Netranger
    > Netprowler
    > BlackIce
    > Intruder Alert

            Here I would add snort (it's more a NIDS than a sandbox tool...)

    > Evidence Capturing - Software:
    > EnCase (www.GuidanceSoftware.com)
    > dd (Comes with *nix)
    > netcat (nc)

            Here I would add tripwire...

    -- 
                                            Regards,
       (o_                                 Luis Pinto
    -+ //\ +-http://www.dei.uc.pt/~lmpinto - ICQ#15663369 - finger for PGP +
    -+ V_/_+------------------------------------ bash$ :(){ :|:&};: -------+
    Anti-trust laws should be approached with exactly that attitude.
    

    ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com