Protecting your VPS / Dedi - Do you use intrusion detection?

2bb3 Member

Hi

Do you guys use any intrusion detection on your servers?

What would you recommend? Did hear nice things about Snort, is it worth the hassle to set that up? Any better alternative?

Thanks!

Comments

  • No one has experience with that stuff?

  • For host based IDS take a look at OSSEC. For packet analysis IDS I would recommend Snort or Suricata.

    Thanked by 1 2bb3
  • I am testing pfSense with extra IP lists and I have Snort installed as well.

    You need to train your Snort to fit your needs but it seems like a good choice.

    On my current dev machine I don't have any sites installed or pointed to that server. I only have a few VMs installed and one of them is a media/torrent/etc. server.

    Right after I installed it I saw lots of alerts in Snort and some blocked IPs. I needed to suppress some rules, enable/disable some more.

    Right now, after pfSense denies most of the bad and known IPs, most of the alerts I see in Snort are like port scanners, experimental scanners etc.

    Some people suggest Suricata as well but that's beyond my knowledge, except that if your firewall/IDS has multiple cores, Suricata performs better.

    Thanked by 2 Mark_R 2bb3
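
The rule tuning described in the comment above usually starts by finding which signatures fire most and from where. The following added example, not code from any poster in this thread, tallies Snort `alert_fast` lines per signature and proposes Snort 2 `suppress` entries for review; the sample alerts, SIDs, the 0.8 dominance threshold and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample alerts in Snort's alert_fast layout (documentation IP ranges,
# made-up SIDs). 192.0.2.50 stands in for a host you have verified as benign.
SAMPLE = (
    [f"03/14-09:15:0{i}.000000  [**] [1:1000001:1] Constructed ICMP ping rule [**] "
     "[Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.50 -> 192.0.2.10"
     for i in range(4)]
    + [f"03/14-09:16:0{i}.000000  [**] [1:1000002:1] Constructed SSH scan rule [**] "
       "[Classification: Attempted Information Leak] [Priority: 2] {TCP} "
       f"203.0.113.{i + 1}:4000{i} -> 192.0.2.10:22" for i in range(3)]
)

# gid:sid:rev, message, protocol, then IPv4 source with an optional :port.
ALERT = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{[^}]+\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->"
)

def parse(lines):
    """Yield (gid, sid, source_ip) for every line that looks like a fast alert."""
    for line in lines:
        m = ALERT.search(line)
        if m:
            yield int(m["gid"]), int(m["sid"]), m["src"]

def noisy_signatures(lines, min_hits=3, dominance=0.8):
    """Rank signatures by alert count and attach a tuning hint to each."""
    hits, sources = Counter(), defaultdict(Counter)
    for gid, sid, src in parse(lines):
        hits[(gid, sid)] += 1
        sources[(gid, sid)][src] += 1
    report = []
    for (gid, sid), n in hits.most_common():
        if n < min_hits:
            continue
        top_src, top_n = sources[(gid, sid)].most_common(1)[0]
        if top_n / n >= dominance:
            # One source dominates: candidate per-source suppress, to be
            # applied only after confirming that source is benign.
            hint = f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {top_src}"
        else:
            hint = f"# review rule {gid}:{sid}: {len(sources[(gid, sid)])} distinct sources"
        report.append(((gid, sid), n, hint))
    return report

if __name__ == "__main__":
    for _key, count, hint in noisy_signatures(SAMPLE):
        print(f"{count:4d}  {hint}")
```

Alerts spread across many sources are left as review items rather than suppressed, since those are the scanner alerts the comment says remain after the firewall block lists.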
  • Thanks!

  • I've had Snort and something like AIDE or Tripwire on my to-learn list for a while now :)