[768] in Intrusion Detection Systems
Re: Signs of an Intruder
daemon@ATHENA.MIT.EDU (John-David Childs)
Mon Nov 25 17:51:21 1996
Date: Sat, 23 Nov 1996 19:35:48 -0700 (MST)
From: John-David Childs <jdc@ism.net>
To: ids@uow.edu.au
In-Reply-To: <Pine.GSO.3.93.961121133218.8599D-100000@pilt.online.no>
Reply-To: ids@uow.edu.au
On Thu, 21 Nov 1996, Tor Houghton wrote:
>
> I also believe there is some help in using "security through obscurity",
> whereby you place wrapper logs etc. in a logfile where a whole lot of
> irrelevant logging goes too (for example, the ftp xferlog, or somesuch).
>
And another thing which we all know but bears repeating since one of
my systems was trashed last night beyond all recognition and I didn't
heed this advice:
send logging information to a separate (secure) machine
I know who it was, but I have no way to prove it without logfiles.
--
jdc
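
An added example, not part of the original message: a sketch of sending each log record to a separate machine as well as to the local file, then using the remote copy to spot records that have disappeared locally. It uses Python's standard `logging.handlers.SysLogHandler` over UDP; the function names are hypothetical, and a loopback socket stands in for the log host.

```python
import logging
import logging.handlers
import socket

def open_collector(bind_addr="127.0.0.1"):
    """UDP socket standing in for the separate log host (OS picks a free port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, 0))
    sock.settimeout(2.0)
    return sock

def forwarding_logger(name, local_path, loghost, port):
    """Logger that writes each record locally and sends a copy to the log host."""
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    fmt = logging.Formatter("%(name)s: %(message)s")
    local = logging.FileHandler(local_path)
    remote = logging.handlers.SysLogHandler(
        address=(loghost, port),
        facility=logging.handlers.SysLogHandler.LOG_AUTH)
    for handler in (local, remote):
        handler.setFormatter(fmt)
        logger.addHandler(handler)
    return logger

def receive(sock, count):
    """Read `count` syslog datagrams; strip the <PRI> prefix and trailing NUL."""
    records = []
    for _ in range(count):
        data, _addr = sock.recvfrom(4096)
        text = data.decode("utf-8", "replace").rstrip("\x00")
        records.append(text.split(">", 1)[1] if text.startswith("<") else text)
    return records

def missing_locally(local_path, remote_records):
    """Records the log host holds that are no longer present in the local file."""
    with open(local_path) as fh:
        local = {line.rstrip("\n") for line in fh}
    return [r for r in remote_records if r not in local]
```

On a real deployment the collector runs on a different, locked-down host, so wiping or editing the local file leaves the remote copy intact for comparison.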