
RE: [cobalt-users] PortSentry and Logcheck ?



On Mon, 5 Jun 2000, Rodolfo Paiz so wrote:

} What's tripwire, triplite, etc. I have no idea what a "base line" thingy is,
} what it does, or where to get it; could you expand a little? I'm already
} working on installing the other two.

	When a machine is exploited (hacked), daemons and critical
functionality are usually replaced by versions that give the person
who exploited it an easy but seldom monitored doorway into the machine
and more often than not tools are installed which are used to
exploit other machines.

	Thus it is a good idea to install something that will check
critical files on a regular basis and report any changes to those
files to the people responsible for running the machine. "Base Line
Thingy"s - that's a technical term - create and maintain a
'baseline' database containing the details of the critical files on
a machine and report any changes to those files. The end result is,
for example, if someone were to find a way into a server and while
there they added a trojan which ran from the inetd.conf file, the
change to the inetd.conf file would be spotted by the "Base Line
Thingy" and reported to the machine's mother - you, perhaps.

	Check out the lasg for more:

	http://webokay.com/help/lasg/attack-detection/

	While disseminating fear is not my style, the bad guys often
monitor lists such as this. Worse yet, perhaps, the average level of
technical expertise on this list is low enough that what I'm about
to say ought to make sense. Since starting my efforts to help some
of you secure your servers, the scans and attacks on our servers
here have increased substantially - frighteningly so. My guess is that
a few bad apples are here for no other reason than to locate servers
that are easy pickings... this is pretty much true on any list of
this nature though. I'm just surprised by the results that my meager
efforts have been producing...

	Peace be with you,
	
	Brent
	
	Brent Sims
	WebOkay Internet Services
	http://www.WebOkay.net
	Brent@xxxxxxxxxxx
	(719) 595-1427 (Voice/Fax)
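
The baseline-and-compare idea described in the message above, as an added example that is not part of the original post and is not how Tripwire itself is implemented. The function names, the JSON database format and the recorded fields are assumptions chosen for illustration.

```python
import hashlib
import json
import os
import stat


def snapshot(paths):
    """Record metadata and a SHA-256 digest for each path; a missing path maps to None."""
    snap = {}
    for p in paths:
        try:
            st = os.lstat(p)  # lstat: a file swapped for a symlink is itself a change
        except FileNotFoundError:
            snap[p] = None
            continue
        entry = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
                 "gid": st.st_gid, "size": st.st_size, "sha256": None}
        if stat.S_ISREG(st.st_mode):
            h = hashlib.sha256()
            with open(p, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            entry["sha256"] = h.hexdigest()
        snap[p] = entry
    return snap


def write_baseline(paths, db_path):
    """Create the baseline database from the current state of the listed files."""
    with open(db_path, "w") as f:
        json.dump(snapshot(paths), f, indent=2, sort_keys=True)


def check(db_path):
    """Return a sorted list of (path, reason) for every deviation from the baseline."""
    with open(db_path) as f:
        base = json.load(f)
    now = snapshot(list(base))
    findings = []
    for p, old in base.items():
        new = now[p]
        if old == new:
            continue
        if new is None:
            findings.append((p, "missing"))
        elif old is None:
            findings.append((p, "appeared"))
        else:
            fields = sorted(k for k in old if old[k] != new[k])
            findings.append((p, "changed: " + ",".join(fields)))
    return sorted(findings)
```

Run `write_baseline` once on a known-good system and `check` on a schedule, mailing any findings to the administrator. Keep the database on read-only or off-host storage, since an intruder with root access can otherwise rewrite the baseline to match the altered files.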