Re: log analysis

Gene Dellinger wrote:

How difficult is it to perform Intrusion Detection using iptables? Any real
world stories (good and bad) desired.

Sorry, but good intrusion detection is very different from iptables. Iptables only controls the connections based on ports. With connection tracking you can check whether someone has made a port scan or tried
to send a ping of death to you.

Modifications in the filesystem cannot be controlled by iptables. That is
the task of a good intrusion detection system.

Regards,
Ruprecht

------------------------------------------------------------------------------------------
Ruprecht Helms IT-Service & Softwareentwicklung

Tel./Fax  +49[0]7621 16 99 16
Web:       htp://www.rheyn.de

