Re: Signs of an Intruder

Tor Houghton (th@online.no)
Thu, 21 Nov 1996 13:34:36 +0100 (MET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Matt Maier: "Re: Netcat probing, logs and detection"
Previous message: owner-ids@uow.edu.au: "Re[2]: Welcome to ids"
Next in thread: Jonathan M. Bresler: "Re: Signs of an Intruder"

I also believe there is some help in using "security through obscurity",
whereby you place wrapper logs etc. in a logfile where a whole lot of
irrelevant logging goes too (for example, the ftp xferlog, or somesuch).

...I mean while we are on the issue of "more secure". Nothing is, of 
course.

Tor.

> 
> One problem here is that the knowledgable hacker also knows where to 
> look and will clean up after/during the attack. Therefore wrappers 
> and secondary logging to an alternate host is a more secure way (note 
> I say more secure and not secure) of ensuring audit trails are valid.

Next message: Matt Maier: "Re: Netcat probing, logs and detection"
Previous message: owner-ids@uow.edu.au: "Re[2]: Welcome to ids"
Next in thread: Jonathan M. Bresler: "Re: Signs of an Intruder"