Re: update only file system
From: Michael (leahcim@ntlworld.invalid)
Date: 12/09/02
From: Michael <leahcim@ntlworld.invalid> Date: Mon, 09 Dec 2002 13:57:43 +0000
On Monday 09 Dec 2002 06:17, Dave Thornburgh
(dave-thorn@nodash.adelphia.net) wrote:
> Better yet - an idea I saw here a couple of months ago. Send your
> syslog entries to an IP address that doesn't exist. Have your syslog
> server on the subnet of the non-existent machine, running its NIC in
> promiscuous mode without an IP address, intercepting the packets
> destined for the phantom machine. An intruder cannot attack a machine
> he cannot target, or a machine that isn't there at all.
It sounds like a good idea, but what's the difference between that and a
machine that simply has no listening ports except the one picking up the
log packets?
If there's an attack on the logging daemon itself, it's there
irrespective of how that data is received afaict.
If anything, things that pick up every packet (tcpdump, IDS systems, a
magic log listener etc) have an increased security risk.
-- Michael.