Try running tcpdump on the server to capture all TCP and UDP traffic going to and from port 123.
The material on this page was prepared using Lenny (5.0) configured using our Installation and Packages pages.
IDS has been called the burglar alarm of computer networks and is an important part of network perimeter security.
Without an IDS you have no idea if someone is probing or attacking your servers (unless the attack is so overwhelming that it results in a denial of service).
Typically, a network-based IDS is set up to monitor a DMZ or the internal network right behind the firewall, so that it alerts you to any possible threats that your firewall didn't catch.
Unlike an antivirus signature database, you can tweak the rules in Snort's rule base to minimize false alerts.
If you're interested in monitoring traffic coming in from the Internet, given that most Internet (broadband) connections are less than 10 megabit, you can pick up an old 4-port 10-meg hub on eBay to tap into this link. (Just make sure you're getting a hub, as many people use the terms hub and switch interchangeably, and only a true hub repeats all traffic to every port.)
If you want to monitor traffic on your internal network, you could configure port spanning on your switch. Port spanning simply takes all of the traffic on one or more switch ports and duplicates it to a span port that has a monitoring device connected. Consult your switch documentation on how to set this up.