Re: Fw: Re[2]: FW: Linux server as it own firewall
From: Zow (zow@presume.llnl.gov)Date: 09/17/01
- Previous message: Scott Gifford: "Re: Clever firewall rules"
- Maybe in reply to: James Puckett: "Linux server as it own firewall"
- Next in thread: Jeff Schaller: "Re: Fw: Re[2]: FW: Linux server as it own firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200109171751.KAA05421@poptop.llnl.gov> To: Jeff Schaller <schaller@freeshell.org> Subject: Re: Fw: Re[2]: FW: Linux server as it own firewall Date: Mon, 17 Sep 2001 10:51:44 -0700 From: "Zow" Terry Brugger <zow@presume.llnl.gov>
> So I guess I'm looking for reasons to convince me that I should
> log stuff.
Call me a pessimist, but you should log so that when you get compromised (and
saying you aren't going to get compromised is tantamount to calling the
Titanic "Unsinkable") you can reconstruct how it happened and who did it.
Sure, the attacker could also compromise your logging host and wipe your logs
or overrun your logs so the relevant information gets rotated out, but I don't
think many attackers try that hard to be noticed. I don't have any hard data
to support that, but consider why most attackers might even bother
compromising hosts - probably to use them as zombies or some such - getting
noticed and having the machine wiped does nothing to help that pursuit.
My $.02,
Terry
#include <stddisclaimer.h>
- Previous message: Scott Gifford: "Re: Clever firewall rules"
- Maybe in reply to: James Puckett: "Linux server as it own firewall"
- Next in thread: Jeff Schaller: "Re: Fw: Re[2]: FW: Linux server as it own firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
