Re: [twincling] System intrusion and detection
On Mon, 6 Jul 2009, sridhar Reddy wrote:

> Hi Saifi,
>
> My problem is spam is generated from my email system from the pool of addresses allocated. Even though we do not use all the IP addresses from the pool of addresses, it is specifically generating spam from one of my systems, and the ISP complained that he is receiving a lot of complaints regarding this. As a result he has blocked the SMTP port, as a result of which I am missing out on any client emails.
>
> Any help will be greatly appreciated.
>
> Thanks
> Sridhar Reddy

Hi Sridhar:

SMTP relay is what makes the email systems tick and so all SMTP servers need to accept SMTP requests.

However, what you can do is configure your SMTP server to use 'SMTP AUTH with STARTTLS'.

Hope this helps.

thanks
Saifi.
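A check for the 'SMTP AUTH with STARTTLS' setup suggested above, as an added example that is not part of the original thread: it parses the server's EHLO replies before and after STARTTLS and reports whether AUTH is exposed in cleartext or missing. The function names, finding codes and sample replies (host `mail.example.test`) are constructed for illustration.

```python
import re

# Constructed EHLO replies in RFC 5321 multi-line form (not captured traffic).
WEAK_PLAIN = "250-mail.example.test\r\n250-SIZE 10240000\r\n250 AUTH PLAIN LOGIN\r\n"
GOOD_PLAIN = "250-mail.example.test\r\n250-SIZE 10240000\r\n250 STARTTLS\r\n"
GOOD_TLS = "250-mail.example.test\r\n250-SIZE 10240000\r\n250 AUTH PLAIN LOGIN\r\n"

_LINE = re.compile(r"^250[- ](.*)$")


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for the extensions listed in an EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    exts = {}
    for line in lines[1:]:  # the first line is the greeting, not an extension
        m = _LINE.match(line)
        if not m:
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        text = m.group(1)
        if text.upper().startswith("AUTH="):  # legacy "AUTH=PLAIN LOGIN" form
            text = "AUTH " + text[5:]
        parts = text.split()
        if parts:
            exts.setdefault(parts[0].upper(), []).extend(p.upper() for p in parts[1:])
    return exts


def audit(before_tls, after_tls=None):
    """Return finding codes for an 'AUTH only after STARTTLS' policy."""
    findings = []
    pre = parse_ehlo(before_tls)
    if "AUTH" in pre:
        findings.append("AUTH_BEFORE_TLS")   # credentials could be sent in cleartext
    if "STARTTLS" not in pre:
        findings.append("NO_STARTTLS")       # no way to protect the session
        return findings
    if after_tls is None:
        findings.append("POST_TLS_REPLY_MISSING")
    elif "AUTH" not in parse_ehlo(after_tls):
        findings.append("NO_AUTH_AFTER_TLS")  # clients cannot authenticate at all
    return findings


if __name__ == "__main__":
    print("weak server:", audit(WEAK_PLAIN))
    print("good server:", audit(GOOD_PLAIN, GOOD_TLS))
```

Advertising AUTH does not by itself mean the server refuses to relay for unauthenticated clients; that restriction is a separate server setting and has to be verified separately.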
Re: [twincling] System intrusion and detection
On Sat, 4 Jul 2009, skommar21 wrote:

> Hi All,
>
> How can one detect/check whether his system has been intruded? Can anybody please explain the tasks/activities required to check whether his system has been compromised?
>
> Is there any good open source software which is good at detecting spyware, malware and other forms which are a threat to data?
>
> Thanks
> sridhar

Yes, one can!

You need to run an intrusion detection system like Bro, Prelude or Snort, depending on the deployment architecture.

The first task or activity you need to do, to do investigation or forensics on the system, is to take it offline and shut it down.

Next step would be to mount the disk of the system externally and start the investigations:

- review of logs
- service confs etc.

What exactly is the situation you are facing?

thanks
Saifi.
Re: [twincling] System intrusion and detection
You can also try a HIDS (Host-based IDS) like Ossec. It differs from Snort (NIDS) by analysing logs instead of network traffic like Snort. So you see they look at different things for detection.

Ossec is a client-server model that is available for Linux and Windows. The last time I worked with it, there was only a client version for Windows. So to monitor a Windows system you need an Ossec server installed somewhere else.

Navneet

On Sat, 4 Jul 2009, skommar21 wrote:

> Hi All,
>
> How can one detect/check whether his system has been intruded? Can anybody please explain the tasks/activities required to check whether his system has been compromised?
>
> Is there any good open source software which is good at detecting spyware, malware and other forms which are a threat to data?
>
> Thanks
> sridhar
Re: [twincling] System intrusion and detection
Hi Saifi,

My problem is spam is generated from my email system from the pool of addresses allocated. Even though we do not use all the IP addresses from the pool of addresses, it is specifically generating spam from one of my systems, and the ISP complained that he is receiving a lot of complaints regarding this. As a result he has blocked the SMTP port, as a result of which I am missing out on any client emails.

Any help will be greatly appreciated.

Thanks
Sridhar Reddy

On Sun, Jul 5, 2009 at 12:41 PM, Saifi Khan saifi.k...@twincling.org wrote:

> On Sat, 4 Jul 2009, skommar21 wrote:
>
> > Hi All,
> >
> > How can one detect/check whether his system has been intruded? Can anybody please explain the tasks/activities required to check whether his system has been compromised?
> >
> > Is there any good open source software which is good at detecting spyware, malware and other forms which are a threat to data?
> >
> > Thanks
> > sridhar
>
> Yes, one can!
>
> You need to run an intrusion detection system like Bro, Prelude or Snort, depending on the deployment architecture.
>
> The first task or activity you need to do, to do investigation or forensics on the system, is to take it offline and shut it down.
>
> Next step would be to mount the disk of the system externally and start the investigations:
>
> - review of logs
> - service confs etc.
>
> What exactly is the situation you are facing?
>
> thanks
> Saifi.