hi ya eric
i think that a good hacker/cracker can enter your system
and hide himself within a few minutes...depending on
what method the attacked and got into your system.
if you check your logs daily/hourly... you're too late
in being able to detect their presence as its all
been erased/cleaned up...
you do need some form of "intrusion detection" to be
triggered when an event occures that pages you to come
check the server "now".... not later...
- problem is sometimes you get too many false
errors/warnings... so time to make a better filter...
every 30 min or 15 minute sweep is probably okay for most
admin ... to get a warm and fuzzy that things are normal
have fun
alvin
On Mon, 7 May 2001, Eric Johnson wrote:
> On 7 May 2001, at 20:15, Helmut Springer wrote:
>
> > On Mon 2001-05-07 (11:19), Eric Johnson wrote:
> > > I'm running OpenBSD on one of my systems. So far, no problems
> > > have been noticed.
> >
> > Did you notice nothing by expert monitoring while dozens of capable
> > people are attacking, or did you notice nothing by not knowing what
> > to look for and noone trying anything anyway?
> >
> > I know a lot of sites featuring the latter, and the former is what
> > Jonas told...
>
> I keep a very close eye on the system and check the logs daily.
> I'm not running any special monitoring software.
>
> All I see are the usual attempts. Who knows how capable they
> are?
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
