On Sun, 17 Mar 2002 Matthew.Brownat_private wrote:

> Folks
>
> I'd like to create a list of resources to respond to future
> inquiries on this list. I will maintain this list to keep from adding to
> the moderator's existing workload. I suggest listing tools and services
> in the following areas. I've added a few to get us started below my
> signature block.
>

Great idea!

> Sandbox tools (To Trap):
> snort
> trafshow
> ethereal
> tcpdump
> nmap

I would add here iptraf, and delete snort...

> IDS (To Detect): (These are the tools that create evidence we end up
> examining during incidents after all)
> Cisco Host Based
> VigilEnt Security Agents
> Dragon
> Network Flight Recorder
> snort
> RealSecure
> Netranger
> Netprowler
> BlackIce
> Intruder Alert

Here I would add snort (it's more a nids than a sandbox tool...)

> Evidence Capturing - Software:
> EnCase (www.GuidanceSoftware.com)
> dd (Comes with *nix)
> netcat (nc)

Here I would add tripwire...

--
Regards,
Luis Pinto
http://www.dei.uc.pt/~lmpinto - ICQ#15663369 - finger for PGP
bash$ :(){ :|:&};:
Anti-trust laws should be approached with exactly that attitude.