Re: how to verify whether an attack attempt is successful?
From: Kurt Seifried (bt@seifried.org)
Date: 01/15/03
- Previous message: Randy Taylor: "RE: [IDS] IDS Common Criteria"
- In reply to: Yan Zhai: "how to verify whether an attack attempt is successful?"
- Next in thread: detmar.liesen@lds.nrw.de: "RE: how to verify whether an attack attempt is successful?"
From: "Kurt Seifried" <bt@seifried.org>
To: "Yan Zhai" <yzhai@unity.ncsu.edu>, <focus-ids@securityfocus.com>
Date: Wed, 15 Jan 2003 13:27:19 -0800
> Is there any technology developed in this direction?
If you mean reactive technology then there are things like host based IDS
(tripwire, syscall logging, etc.). Generally if you get a report like
"/etc/passwd changed" or "seteuid executed by user nobody" that's a good
indication your system got penetrated. This is why people should log
successful as well as unsuccessful security events (logins, file accesses,
etc.).
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
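
The two signals named in the message above ("/etc/passwd changed" and "seteuid executed by user nobody"), as an added example that is not part of the original post or of any tool it mentions. The `key=value` log format, the `UNPRIVILEGED` account list and all sample records are constructed for illustration; the file check runs against a stand-in file in a temporary directory, not the real /etc/passwd.

```python
import hashlib, os, tempfile

# Assumption: service accounts that should never change their effective UID.
UNPRIVILEGED = {"nobody", "www-data"}

def snapshot(paths):
    """Tripwire-style baseline: map each path to the SHA-256 of its contents."""
    out = {}
    for p in paths:
        with open(p, "rb") as f:
            out[p] = hashlib.sha256(f.read()).hexdigest()
    return out

def changed_files(baseline, current):
    """Return baseline paths whose digest is now different or missing."""
    return sorted(p for p in baseline if current.get(p) != baseline[p])

def parse(line):
    """Parse one constructed 'key=value ...' syscall log record into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def suspicious_syscalls(lines):
    """Flag *successful* seteuid calls made by unprivileged service accounts."""
    recs = map(parse, lines)
    return [r for r in recs if r.get("syscall") == "seteuid"
            and r.get("result") == "success" and r.get("user") in UNPRIVILEGED]

# Constructed sample records (hypothetical format, not real audit output).
SAMPLE_LOG = [
    "time=1042666001 user=root syscall=seteuid result=success pid=101",
    "time=1042666005 user=nobody syscall=open result=success pid=233",
    "time=1042666009 user=nobody syscall=seteuid result=failed pid=233",
    "time=1042666012 user=nobody syscall=seteuid result=success pid=233",
]

def demo():
    """Baseline a stand-in passwd file, modify it, and report both signals."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "passwd")
        with open(path, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        baseline = snapshot([path])
        with open(path, "a") as f:
            f.write("demo:x:1001:1001::/home/demo:/bin/sh\n")  # simulated change
        changed = changed_files(baseline, snapshot([path]))
        return [os.path.basename(p) for p in changed], suspicious_syscalls(SAMPLE_LOG)

if __name__ == "__main__":
    print(demo())
```

Only the last sample record is flagged: the failed seteuid at time 1042666009 is an attempt, while the successful one three seconds later is the event that would be missing if only failures were logged.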