Re: Fw: Re[2]: FW: Linux server as it own firewall

From: Zow (zow@presume.llnl.gov)
Date: 09/17/01


Message-Id: <200109171751.KAA05421@poptop.llnl.gov>
To: Jeff Schaller <schaller@freeshell.org>
Subject: Re: Fw: Re[2]: FW: Linux server as it own firewall 
Date: Mon, 17 Sep 2001 10:51:44 -0700
From: "Zow" Terry Brugger <zow@presume.llnl.gov>


> So I guess I'm looking for reasons to convince me that I should
> log stuff.

Call me a pessimist, but you should log so that when you get compromised (and
saying you aren't going to get compromised is tantamount to calling the
Titanic "Unsinkable") you can reconstruct how it happened and who did it.
Sure, the attacker could also compromise your logging host and wipe your logs
or overrun your logs so the relevant information gets rotated out, but I don't
think many attackers try that hard to be noticed. I don't have any hard data
to support that, but consider why most attackers might even bother
compromising hosts - probably to use them as zombies or some such - getting
noticed and having the machine wiped does nothing to help that pursuit.

My $.02,
Terry

#include <stddisclaimer.h>


