What Is Intrusion Detection?
Throughout this book, we've dealt with the problem of attackers on a per-application basis. If someone is attempting to exploit a hole in Apache or sendmail, the solution has been to find a fix or upgrade. Unfortunately, most attackers attempt to exploit multiple services and will simply move on to other daemons after finding one impenetrable. All the while, you, the administrator, remain oblivious to the fact that anything is even afoot. This chapter attempts to change that, providing the details you need to detect and react to attacks as they occur.