RE: Signs of an Intruder

Dwight Hubbard (dhubbard@mail.cedarnet.com)
Mon, 2 Dec 1996 08:31:35 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Guido van Rooij: "Re: searching logs for key phrases"
Previous message: Kingsford, Bryan: "Re: searching logs for key phrases"

The nice thing about writing to some sort of computer readable media is its much
 easier to run a script on the logs.

----------
From:   Quantum[SMTP:quantum@obsidian.cse.fau.edu]
Sent:   Monday, November 25, 1996 11:02 PM
To:     'ids@uow.edu.au'
Subject:        RE: Signs of an Intruder


or a more plusible idea is to log to paper.

> 
> Why not just log everything to write once media such as a Worm drive...
> 
> I also believe there is some help in using "security through obscurity",
> whereby you place wrapper logs etc. in a logfile where a whole lot of
> irrelevant logging goes too (for example, the ftp xferlog, or somesuch).
> 
> ...I mean while we are on the issue of "more secure". Nothing is, of 
> course.
> 
> Tor.
> 
> > 
> > One problem here is that the knowledgable hacker also knows where to 
> > look and will clean up after/during the attack. Therefore wrappers 
> > and secondary logging to an alternate host is a more secure way (note 
> > I say more secure and not secure) of ensuring audit trails are valid.
>

Next message: Guido van Rooij: "Re: searching logs for key phrases"
Previous message: Kingsford, Bryan: "Re: searching logs for key phrases"