all depends on the sophistication of the attack... and the probability of said attack will determine the need for such configurations.
typically most of the masquerading techniques i have read about involve a man in the middle type attack whereas you impersonate the IP/MAC address of the original system. On Wed, Mar 2, 2011 at 3:33 PM, dan (ddp) <[email protected]> wrote: > OSSEC and supporting applications will detect what you configure them > to detect. A user coming from an unusual IP address, or at an unusual > time can cause OSSEC to fire an alert. But only if you configure it to > do so. OSSEC can help detect brute force attacks, if the appropriate > logs are available to it. > > "Pretending to have an authorized user identity" doesn't mean much. > Are they pretending to have a username, or are they pretending to be that user? > > On Tue, Mar 1, 2011 at 1:20 PM, Kelly Fitzgerald <[email protected]> > wrote: >> Masquerading is an attack done at the network layer. The masquerade >> attack is an attack where an attacker will try to access a computer >> pretending to have an authorized user identity such as a network >> administrator. >> > -- Gallia est omnes divisa in partes tres. LIT(All Gaul is divided into three parts) Divide a problem into parts, understand each on its own terms, and plan your campaign Julius Caesar . GoogleVoice (614) 489-9522
