[122938] in North American Network Operators' Group


Re: RE: Security Guidance

daemon@ATHENA.MIT.EDU (Paul Bosworth)
Tue Feb 23 15:32:33 2010

In-Reply-To: <25b132e91002231230g5d0c2ceex276c417a340eda34@mail.gmail.com>
Date: Tue, 23 Feb 2010 15:31:56 -0500
From: Paul Bosworth <pbosworth@gmail.com>
To: Matt Sprague <msprague@readytechs.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Place an IDS in front of the server and write a rule for the traffic
signature.

Paul B.
Sent with Android

On Feb 23, 2010 3:25 PM, "Matt Sprague" <msprague@readytechs.com> wrote:

The user could also be running the command inline somehow or deleting the
file when they log off. Check who was logged onto the server at the time
of the attack to narrow down your search. I like the "split the users" idea,
though it could be several iterations to narrow down the culprit.


-----Original Message-----
From: Ronald Cotoni [mailto:setient@gmail.com]
Sent: Tuesday, February ...
