Hi,

I have joined this mailing list primarily because of my role at work, which at present is focussing on providing Internet connectivity for our clients. Dealing with the Internet means dealing with security, and I am interested in ways of preventing, and detecting, intrusion attempts. I suppose I should also add I'm interested in detecting successful intrusions as well!!

Unfortunately, this isn't my only role, so I can't spend all my time on it. So I am interested in hearing of anything that could be used to automate monitoring of systems, and anything else regarding security of systems.

I am not a Unix expert. I know enough to be dangerous (i.e. I think I know what I'm doing ;-) )

One question I have regarding monitoring for intrusions is this:

We currently use a package called NeTraMet, which we use for billing purposes. It monitors all packets going through our Internet link and gathers info such as source/destination IP address, packet type, and source/destination ports, amongst others.

My question is, would it be worth setting this up to send alerts in some form when it detects packets with a specific port number? I.e. are there ports which are only used when someone is attempting to gain access? I don't want to create something which generates "false alarms" so it gets ignored!

Anybody been down this path? Is it worth the effort?

Regards

Jeff Law
Internetworking Consultant
___________________________________________________________
Continuum (NZ) Limited
105 Symonds Street, PO Box 8690    Telephone: 64 9 379-2350
Auckland 1035                      Facsimile: 64 9 357-2200
New Zealand                        Internet : jlaw@arguus.co.nz
___________________________________________________________
Most of the things worth doing in the world had been declared
impossible before they were done. (Louis Brandeis)