
Intrusion Detection Tools

PCQ Bureau

It is always necessary to secure your machine and your network. While most of you keep an eye on the security of your PC and install mechanisms such as firewalls and antivirus software to protect it, one thing we generally tend to ignore is the security of the network itself, particularly against remote attacks. And when we talk about servers and datacenters, remote attacks are far more disastrous than local ones. So here we will look at some of the very easy to use but very effective IDS and network analysis software available in PCQLinux 2006.


Arpwatch

The tiniest but a very effective tool for detecting spoofing attacks in your network. All you have to do is run the following command:

# arpwatch -e email@domain.com

where email@domain.com is your email address. The best thing about this software is that you don't need to sit in front of a monitor 24/7. Instead, it automatically sends you warnings and alerts whenever any suspicious change happens in the network.


Messages sent by Arpwatch include: new activity detected from a previously inactive Ethernet/IP address, a new address becoming active, a change of Ethernet address, and a flip flop of Ethernet addresses. In addition to emailing you the message, Arpwatch also records additional syslog information that is useful for keeping a watchful eye on your network.
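To show what lies behind those four message types, here is a small, added example (not Arpwatch's own source code) that models the IP-to-MAC bookkeeping an ARP monitor performs. It runs over a constructed list of ARP replies and reports the same categories Arpwatch mails out: new station, new activity after a long idle period, changed Ethernet address, and flip flop (the address reverting to the previously recorded one). The six-month inactivity threshold and the sample addresses are assumptions chosen for the example.

```python
"""Simplified ARP monitor in the spirit of arpwatch (example code, not arpwatch itself)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumption: treat a station as "inactive" after roughly six months without traffic.
INACTIVE_AFTER = 6 * 30 * 24 * 3600


@dataclass
class Station:
    mac: str                      # MAC currently bound to the IP
    prev_mac: Optional[str]       # MAC seen before the last change, if any
    last_seen: float              # timestamp of the last ARP reply for this IP


@dataclass
class ArpMonitor:
    table: Dict[str, Station] = field(default_factory=dict)

    def observe(self, ip: str, mac: str, now: float) -> Optional[str]:
        """Record one ARP reply and return the alert category it triggers, if any."""
        mac = mac.lower()
        entry = self.table.get(ip)
        if entry is None:
            # First time this IP has been seen on the segment.
            self.table[ip] = Station(mac=mac, prev_mac=None, last_seen=now)
            return "new station"

        alert = None
        if mac == entry.mac:
            # Same binding as before; only noteworthy if the host was idle for a long time.
            if now - entry.last_seen > INACTIVE_AFTER:
                alert = "new activity"
        elif mac == entry.prev_mac:
            # The IP went back to the MAC it had before the last change.
            alert = "flip flop"
            entry.prev_mac, entry.mac = entry.mac, mac
        else:
            # A different MAC now answers for this IP: classic spoofing indicator.
            alert = "changed ethernet address"
            entry.prev_mac, entry.mac = entry.mac, mac
        entry.last_seen = now
        return alert


def format_alert(ip: str, mac: str, alert: str) -> str:
    """Render an alert in the style of a syslog line (format is this example's own)."""
    return f"arpmonitor: {alert} {ip} {mac}"


# Constructed sample ARP replies: (timestamp, sender IP, sender MAC).
SAMPLE_REPLIES: List[Tuple[float, str, str]] = [
    (0, "192.168.1.10", "00:11:22:33:44:55"),
    (60, "192.168.1.10", "00:11:22:33:44:55"),
    (120, "192.168.1.10", "AA:BB:CC:DD:EE:FF"),          # a second host claims the IP
    (180, "192.168.1.10", "00:11:22:33:44:55"),          # the original host answers again
    (240, "192.168.1.20", "00:aa:bb:cc:dd:01"),
    (240 + 7 * 30 * 24 * 3600, "192.168.1.20", "00:aa:bb:cc:dd:01"),  # idle for seven months
]


def monitor_sample(replies=SAMPLE_REPLIES) -> List[Tuple[str, str]]:
    """Feed the sample replies through the monitor and collect (ip, alert) pairs."""
    mon = ArpMonitor()
    alerts = []
    for ts, ip, mac in replies:
        alert = mon.observe(ip, mac, ts)
        if alert:
            alerts.append((ip, alert))
            print(format_alert(ip, mac.lower(), alert))
    return alerts


if __name__ == "__main__":
    monitor_sample()
```

The "flip flop" case is the one worth watching closely: a single "changed ethernet address" can be a legitimate NIC replacement, but an IP that bounces between two MACs within minutes usually means two hosts are answering for the same address.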

Ettercap

One of my favorites. It is basically a sniffer and a specialized tool for man-in-the-middle attacks on switched LANs, but it also works pretty well as an IDS. This piece of software is installed in most of the Workstation installations of PCQLinux 2006, including SysAdmin. To run it, all you have to do is issue the following command if you are using a graphical interface:


# ettercap -G

Or

# ettercap -C


