Hi all. The information file said you wanted introductions, so here I am.

I am a consultant for a UNIX consulting firm that does all kinds of consulting for UNIX installation, administration, management, integration, conversion, migration, audit and whatever else you might think of. We have been doing work in the area of security for quite a while, with security audits, firewall installation and maintenance, and general security enhancement for business and government.

My main interest in IDS is systems we can install on a customer's system, to be monitored by the local System Administrator(s) onsite. Many of these administrators do not have much security-related experience, and in some cases would not be able to recognise an intrusion even if they were reading the logs carefully. We have generally tried to set up a heuristics-based system to filter out "normal" activity and present the administrator with what's left, as well as picking up on some of the obvious intrusions (logins to system accounts, like ftp or bin; logins from remote sites; etc.) and installing tripwire-like programs.

I can imagine much better solutions, though I have had very little to do with them, so this list sounded very interesting. I doubt I have anything useful to contribute in the way of tools or information at this stage :-( but I am interested in discussion.

have fun,
rik.
--
The Fulcrum Consulting Group                                                 o
------------------------------------------------------------------------------
Rik Harris - Senior Consultant - rik.harris@fulcrum.com.au                  /\
12/10-16 Queen St. Melbourne VIC 3000.  +61 3 621-2100 (BH)  +61 3 621-2724 (Fax)
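The heuristics Rik describes (drop known-normal activity, flag logins to system accounts such as ftp or bin, flag logins from remote sites, and a tripwire-like file integrity check) are easy to sketch in a few dozen lines. The following is an added illustration, not Fulcrum's tooling or anything posted to the list; the login-record format, host names, local domain, whitelist of "normal" (user, host) pairs and the sample log lines are all constructed for the example.

```python
"""Heuristic login triage plus a tripwire-style integrity check.

Added example; not the poster's tooling. Log format, hosts, domain and
the 'normal activity' whitelist below are assumptions for illustration.
"""
import hashlib
import re
from pathlib import Path

# Pseudo/system accounts that should never log in interactively.
SYSTEM_ACCOUNTS = {"ftp", "bin", "daemon", "sys", "uucp", "lp", "nobody"}
# Hosts treated as local; anything else not in LOCAL_DOMAIN is "remote". Assumed.
LOCAL_HOSTS = {"localhost", "console"}
LOCAL_DOMAIN = ".example.com"          # assumed local domain
# (user, host) pairs the administrator has already accepted as routine. Assumed.
NORMAL = {("rik", "hermes.example.com"), ("ops", "console")}

# Assumed syslog-style login record, e.g.
#   Mar  3 08:12:01 gw login[1234]: LOGIN ON ttyp0 BY rik FROM hermes.example.com
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ login\[\d+\]: "
    r"LOGIN ON (?P<tty>\S+) BY (?P<user>\S+)(?: FROM (?P<host>\S+))?$"
)

# Constructed sample log lines (not real data).
SAMPLE_LOG = [
    "Mar  3 08:12:01 gw login[1234]: LOGIN ON ttyp0 BY rik FROM hermes.example.com",
    "Mar  3 08:15:44 gw login[1240]: LOGIN ON ttyp1 BY ftp FROM 203.0.113.7",
    "Mar  3 09:01:10 gw login[1301]: LOGIN ON ttyp2 BY bob FROM 198.51.100.9",
    "Mar  3 09:30:00 gw login[1350]: LOGIN ON console BY ops",
    "Mar  3 09:45:00 gw sendmail[1400]: stat=Sent (unrelated noise)",
    "Mar  3 10:02:00 gw login[1420]: LOGIN ON ttyp3 BY alice FROM dev.example.com",
]


def classify(line):
    """Return (category, user, host) for a login record, or None if not a login.

    Order matters: a system-account login is reported even from a local host,
    and a remote login is reported even if the user is otherwise well known.
    """
    m = LOGIN_RE.match(line)
    if not m:
        return None
    user = m.group("user")
    host = m.group("host") or "console"       # no FROM => local console
    if user in SYSTEM_ACCOUNTS:
        return ("system-account-login", user, host)
    if host not in LOCAL_HOSTS and not host.endswith(LOCAL_DOMAIN):
        return ("remote-login", user, host)
    if (user, host) in NORMAL:
        return ("normal", user, host)
    return ("unusual", user, host)


def triage(lines):
    """Filter out 'normal' activity and return only what the admin should see."""
    return [c for c in map(classify, lines) if c and c[0] != "normal"]


def baseline(paths):
    """Tripwire-like baseline: SHA-256 of each file, keyed by path string."""
    return {str(p): hashlib.sha256(Path(p).read_bytes()).hexdigest() for p in paths}


def check_integrity(base):
    """Compare the filesystem against a baseline; report missing/modified files."""
    findings = []
    for path, digest in base.items():
        f = Path(path)
        if not f.exists():
            findings.append(("missing", path))
        elif hashlib.sha256(f.read_bytes()).hexdigest() != digest:
            findings.append(("modified", path))
    return findings


if __name__ == "__main__":
    for category, user, host in triage(SAMPLE_LOG):
        print(f"{category:22s} user={user} from={host}")
```

On the constructed log, the ftp login and bob's login from 198.51.100.9 are flagged, alice from a local-domain host is reported as merely unusual because she is not on the whitelist, and the routine rik/ops logins and the sendmail line are dropped. In practice the whitelist grows as the local administrator marks findings as routine, which is exactly the filtering loop the post describes; the integrity baseline should of course be stored off the monitored host, otherwise an intruder who modifies a binary can just as easily rewrite its recorded hash.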