Re: Been hacked
From: Newsbox (newsbox_at_customers-of-adelphia.org)
Date: 11/15/03
- Previous message: /dev/rob0: "Re: UPDATE!! (was Re: Have I been compromised? chkrootkit: "Warning: Possible LKM Trojan installed" - nmap: "port 1313 open")"
- In reply to: jim_patterson: "Re: Been hacked"
- Next in thread: Otis Kenny: "Re: Been hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Nov 2003 18:00:25 -0500
On Fri, 14 Nov 2003 14:35:47 -0500, jim_patterson wrote:
> On Fri, 14 Nov 2003 18:30:28 +0000, Dale Dellutri wrote:
>
>> On Fri, 14 Nov 2003 16:27:46 GMT, Jim Patterson
>> <jim_patterson@comcast.net> wrote:
>>>...
>>> Is there a program out there that will monitor a system and indicate
>>> immediately if someone is modifying files? Low cost?
>>
>> Tripwire. It's free, included with RedHat 9 (probably others).
>>
>> Don't know if you can set it for immediate notification, but certainly
>> daily, and probably more often if set up correctly.
> tripwire is the monitoring program that was removed. on a RH9 system. So
> i'm looking for something that will alert me immediately to what is
> going on.
snort
But snort does not monitor your filesystem, it monitors your network
traffic. However, snort is real-time, wheras tripwire is scheduled. If
you want tripwire, you can get it online. Look around.
And if your system is hacked, disconnect it from the network !!
- Previous message: /dev/rob0: "Re: UPDATE!! (was Re: Have I been compromised? chkrootkit: "Warning: Possible LKM Trojan installed" - nmap: "port 1313 open")"
- In reply to: jim_patterson: "Re: Been hacked"
- Next in thread: Otis Kenny: "Re: Been hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
