Application Links (cont.)
Intrusion Detection - Host-based
- Portsentry's license is non-free. A GPL alternative to portsentry is scandetd.
Scandetd has much of the functionality of portsentry, though it does not have the automated response options. Many (including myself) recommend against automated systems because they can lead to more trouble. Automated systems are set up to write either firewall rules or routes to block systems that are perceived to be scanning or attacking your machine. If they are not watched, an attacker can use a spoofing attack with valid sites as the apparent source, and those sites would then also be blocked.
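
The risk described above, as an added example that is not from the original slides and is not code from portsentry or scandetd: a detector that reads connection attempts, flags sources probing many ports, and only reports them, holding any flagged source on a protected list for a human to check. The log format, the addresses, the `review_scans` name and the thresholds are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log: "<unix time> <source IP> <destination port>" per attempt.
SAMPLE_LOG = """\
1000 203.0.113.7 21
1001 203.0.113.7 22
1002 203.0.113.7 23
1003 203.0.113.7 25
1004 203.0.113.7 80
1005 198.51.100.20 80
1006 192.0.2.53 21
1007 192.0.2.53 22
1008 192.0.2.53 23
1009 192.0.2.53 25
1010 192.0.2.53 80
1040 198.51.100.20 443
"""
# Assumed sites this host must never cut off (e.g. its DNS resolver's network).
PROTECTED = ["192.0.2.0/24"]

def review_scans(log_text, protected, threshold=5, window=10):
    """Report scan suspects; never block. Returns (candidates, held_for_review)."""
    hits = defaultdict(list)                      # source -> [(time, port), ...]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            hits[parts[1]].append((int(parts[0]), int(parts[2])))
    nets = [ipaddress.ip_network(n) for n in protected]
    candidates, held = [], []
    for src, events in hits.items():
        events.sort()
        # Flag a source that touches `threshold` distinct ports within `window` seconds.
        flagged = any(
            len({p for t, p in events[i:] if t - start <= window}) >= threshold
            for i, (start, _) in enumerate(events)
        )
        if not flagged:
            continue
        # A source address can be forged, so a protected site that appears to
        # scan is held for a human instead of being proposed for blocking.
        if any(ipaddress.ip_address(src) in n for n in nets):
            held.append(src)
        else:
            candidates.append(src)
    return sorted(candidates), sorted(held)

if __name__ == "__main__":
    print(review_scans(SAMPLE_LOG, PROTECTED))
```

Neither list is applied to a firewall or routing table; both are output for an operator to act on.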