Let's think about the actual attack vectors and hallmarks of an attack.
What happens when a host is attacked? What is the usual sequence of
events that take place? How can OSSEC effectively detect these while
keeping the noise down?
--
Michael Starks
[I] Immutable Security
On Thu, Oct 21, 2010 at 07:34:48AM -0500, Michael Starks wrote:
What happens when a host is attacked?
Something gets in our system
What is the usual
sequence of events that take place? How can OSSEC effectively detect
these while keeping the noise down?
Some suspicious traffic may be
-l...@googlegroups.com] On
Behalf Of Michael Starks
Sent: Thursday, October 21, 2010 5:35 AM
To: ossec-list@googlegroups.com
Subject: [ossec-list] 2WoO Day 5: Shared intelligence: what does an attack look
like?
Let's think about the actual attack vectors and hallmarks of an attack.
What happens
On Thu, 21 Oct 2010 10:37:59 -0600, Jefferson, Shawn
shawn.jeffer...@bcferries.com wrote:
My experience has been:
Servers:
- vulnerability exploited
- processes created
- listening ports changed
- users created
- software installed
- changes to administrators group
- backdoors created
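
Added example (not part of the thread and not OSSEC code): one way to act on the server hallmarks listed above while keeping noise down is to alert only when several distinct hallmarks appear on the same host within a short window. The event tags, the 15-minute window, the threshold of three and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hallmarks from the "Servers" list above, mapped to hypothetical event tags.
HALLMARKS = {
    "process_created", "port_changed", "user_created",
    "software_installed", "admin_group_changed",
}
WINDOW = timedelta(minutes=15)   # assumed correlation window
THRESHOLD = 3                    # assumed: distinct hallmarks needed to alert

# Constructed sample events: "<ISO time> <host> <event tag>"
SAMPLE = """\
2010-10-21T09:00:00 db01 software_installed
2010-10-21T12:00:05 web01 process_created
2010-10-21T12:01:10 web01 port_changed
2010-10-21T12:01:40 web01 process_created
2010-10-21T12:04:30 web01 user_created
2010-10-21T12:05:02 web01 admin_group_changed
2010-10-21T18:30:00 db01 user_created
"""

def parse(lines):
    """Yield (timestamp, host, tag) for recognised hallmark events only."""
    for line in lines.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in HALLMARKS:
            continue  # ignore malformed lines and unrelated events
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def correlate(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per host burst: (host, time, sorted distinct tags)."""
    recent = defaultdict(list)   # host -> [(ts, tag)] still inside the window
    alerted_until = {}           # host -> time until which alerts are suppressed
    alerts = []
    for ts, host, tag in sorted(parse(lines)):
        recent[host] = [(t, g) for t, g in recent[host] if ts - t <= window]
        recent[host].append((ts, tag))
        seen = sorted({g for _, g in recent[host]})
        if len(seen) >= threshold and ts >= alerted_until.get(host, ts):
            alerts.append((host, ts.isoformat(), seen))
            alerted_until[host] = ts + window  # one alert per burst
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```

On the sample, the isolated package install and the later lone account creation on db01 stay silent, while the burst on web01 produces a single alert.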