hi ya eric

i think that a good hacker/cracker can enter your system
and hide himself within a few minutes...depending on
what method the attacked and got into your system.

if you check your logs daily/hourly... you're too late
in being able to detect their presence as its all
been erased/cleaned up...

you do need some form of "intrusion detection" to be
triggered when an event occures that pages you to come
check the server "now".... not later...
        - problem is sometimes you get too many false 
        errors/warnings... so time to make a better filter...

every 30 min or 15 minute sweep is probably okay for most
admin ... to get a warm and fuzzy that things are normal

have fun
alvin

On Mon, 7 May 2001, Eric Johnson wrote:

> On 7 May 2001, at 20:15, Helmut Springer wrote:
> 
> > On Mon 2001-05-07 (11:19), Eric Johnson wrote:
> > > I'm running OpenBSD on one of my systems.  So far, no problems
> > > have been noticed.
> > 
> > Did you notice nothing by expert monitoring while dozens of capable
> > people are attacking, or did you notice nothing by not knowing what
> > to look for and noone trying anything anyway?
> > 
> > I know a lot of sites featuring the latter, and the former is what
> > Jonas told...
> 
> I keep a very close eye on the system and check the logs daily.  
> I'm not running any special monitoring software.
> 
> All I see are the usual attempts.  Who knows how capable they 
> are?

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
  • Re: Alvin Oga
    • Re: Eric Johnson

Reply via email to