On 12/1/01 at 8:30 PM, Jack Coates <[EMAIL PROTECTED]> wrote:

> On Sat, 1 Dec 2001, Charles Steinkuehler wrote:

> > Or just grab a bunch of multi-port serial cards from
> > e-bay, and set up a log-host using serial links.  You can
> > keep the log host disconnected from the net entirely (or
> > more likely, keep its interface un-configured, and
> > bring it up/down manually if you ever need to network).

> I saw this suggested in one of my paranoiac books (maybe
> "Network Intrusion Detection Analyst's Handbook"?) -- but
> they went one better by suggesting that you then copy
> everything to lp on the loghost. Hook up an old dot matrix
> printer with a Costco-sized case of paper, and you've got
> court-admissible documentation of everything that happens
> on your network.

The recommendation I saw went even further - and suggested that any
serial cable could be clipped so that the log host was receive only. 
There was also discussion on how to do this for network cables - and,
as I remember, 10BaseT can't be done this way easily.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
