Re: Log Analysis Service?
From: Jem Berkes (jb_at_users.pc9.org)
Date: 23 Feb 2004 00:33:29 GMT
> Thanx for the reply, but, TBH, it wasn't particularly helpful. Or
> perhaps you misunderstood me.
> I am well aware of how difficult it is to go from "oops, something bad
> happened" to dragging someone before the ol' bar of justice.
> The question I asked is much simpler: since >>I<< am not an expert in
> analyzing log files of a hacked machine, are there companies that sell
> such a service? If so, who are the good/reputable ones?

There's Counterpane Internet Security, which was founded by cryptographer
and security guru Bruce Schneier.

As I understand it, what they pretty much do is centralized IDS and other
monitoring. I could see this being a valuable service for a very large
site, but for smaller sites I doubt they can do much better than what a
free IDS, like Snort [ http://www.snort.org/ ], can offer you.

But reading your initial post again, I don't think any of this applies to
you. Your system has already been compromised, and therefore you can't
trust any of the log files you might have kicking around.

You're going to have to reinstall everything from scratch, applying all the
latest upgrades, and then set up an IDS if you want to better monitor your
security for the future.

-- 
Jem Berkes http://www.sysdesign.ca/