This takes a completely different approach from the above apps, having nothing to do with the network.
#Free intrusion detection software for mac mac
If anyone is logging onto your Mac surreptitiously, p0f might help you track them down. It's triggered by the establishment of a connection and logs information about the remote host, including information about the host's ISP. That is a versatile passive OS fingerprinting tool. You might find another utility to be useful, HenWen, which is a nice GUI for configuring snort.
#Free intrusion detection software for mac install
You can install snort via Fink or download As far as I know, it only checks packets in and out of the machine on which it's running but it checks for a tremendous variety of interesting traffic patterns. Of course the source of packets can be spoofed. (if you can say "connection" in conjunction with UDP) That would seem to be a serious problem. If the remote host in question is not listed as a nameserver, then someone would have actually had to initiate the connection. The only reason Macs should attempt to access port 53 on a remote host is if they've been configured to look to that host for DNS resolution. Ok, a three part question: Should I worry? As long as I'm not running hd intensive services, should I worry about not having a 24/7 rated drive? I envision using it only as a an ssh gateway and for the intrusion software. 🙂 I'm considering it as a candidate for this software. I've heard a lot about snort but haven't tried it.Ģ.) I've got an underutilized mac mini running tiger that I use for testing and as a smart backup drive. But maybe it's just a dumb worm periodically probing random hosts.ġ.) Can anyone recommend intrusion detection/prevention software? Ideally I'd like a command line solution so that I can access it remotely. Worst case is I fear something is trying to map internal trust relationships with my router. Only my dns server is allowed out on that port. Specifically my mail server (MacOS 8.6) and a seldomly used MacOS 10.3 workstation both appear to have attempted to access the same offsite host on port 53 within a 25 minutes of each other last night around 8:15 EDT (off hours). I have reason to believe that I've got a host on my LAN that's is spoofing local ip numbers and attempting to connect to offsite hosts (more than likely one of our PCs!).
0 kommentar(er)
