[783] in Intrusion Detection Systems
Re: searching logs for key phrases
daemon@ATHENA.MIT.EDU (Guido van Rooij)
Sun Dec 1 20:34:12 1996
From: Guido van Rooij <Guido.vanRooij@nl.cis.philips.com>
To: ids@uow.edu.au
Date: Wed, 27 Nov 1996 14:02:14 +0100 (MET)
at "Nov 26, 96 01:07:53 pm"
X-Mailer: ELM [version 2.4ME+ PL19 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-ids
Precedence: bulk
Reply-To: ids
Mike Kienenberger wrote:
>
> VRFY /usr/adm/*SYSLOG.mail check mail logs for VRFY commands
> EXPN /usr/adm/*SYSLOG.mail check mail logs for EXPN commands
> " command " /usr/adm/*SYSLOG.mail check mail logs for debug/wiz commands
>
> deni /usr/adm/*SYSLOG.auth check for denied net cmds in SYSLOG
> fail /usr/adm/*SYSLOG.auth check for failed login attempts (passwords
> at the login prompt; brute force attacks, etc)
>
> Does anyone have other things you look for on a regular basis?
It is in general a bad idea to scan for interesting things. What should
be done instead is filter out the non-interesting ones.
-Guido
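The two approaches in this thread side by side, as an added example that is not part of the original messages: Mike's keyword grep and Guido's "drop the routine lines, read what is left" approach, run over a constructed set of syslog lines. The SYSLOG.mail/SYSLOG.auth file names and the keyword list are taken from the post; the log contents, host names and addresses are made up.

```sh
#!/bin/sh
# Added example, not from the original thread: the poster's keyword scan
# beside the "filter out the known-uninteresting lines" approach, run over
# a constructed sample of sendmail/login syslog lines (contents made up).

# Constructed stand-in for /usr/adm/*SYSLOG.mail and /usr/adm/*SYSLOG.auth.
sample_log() {
cat <<'EOF'
Nov 26 13:01:02 host sendmail[101]: NOQUEUE: relay.example.org [10.0.0.5]: VRFY root
Nov 26 13:01:05 host sendmail[102]: NOQUEUE: relay.example.org [10.0.0.5]: EXPN staff
Nov 26 13:02:10 host sendmail[103]: AA103: from=<alice@example.org>, size=512, class=0
Nov 26 13:02:11 host sendmail[103]: AA103: to=<bob@example.org>, stat=Sent
Nov 26 13:03:00 host login: FAILED LOGIN 1 FROM 10.0.0.9 FOR root
Nov 26 13:04:00 host login: ROOT LOGIN ON tty1
Nov 26 13:05:00 host sendmail[104]: NOQUEUE: relay.example.org [10.0.0.5]: "wiz" command rejected
Nov 26 13:06:00 host in.ftpd[105]: refused connect from 10.0.0.7
EOF
}

# Approach 1: the post's keyword list (VRFY, EXPN, " command ", deni, fail) as
# one case-sensitive grep. Anything not on the list is never shown, and the
# lower-case "fail" does not even match the upper-case "FAILED LOGIN" line.
KEYWORDS='VRFY|EXPN| command |deni|fail'
keyword_scan() {
  sample_log | grep -E "$KEYWORDS"
}

# Approach 2: patterns for lines known to be routine (a normal sendmail
# from=/to= delivery pair); whatever does NOT match is left for a human.
# Patterns are anchored to the whole message shape so a loose pattern
# cannot quietly swallow an unfamiliar line.
residual_scan() {
  sample_log | grep -v -E \
    -e 'sendmail\[[0-9]+\]: [A-Z]+[0-9]+: from=<[^>]+>, size=[0-9]+, class=[0-9]+$' \
    -e 'sendmail\[[0-9]+\]: [A-Z]+[0-9]+: to=<[^>]+>, stat=Sent$'
}

# Lines the residual view surfaces that the keyword list would have missed.
missed_by_keywords() {
  residual_scan | grep -v -E "$KEYWORDS"
}

keyword_scan_count()  { keyword_scan | grep -c ''; }
residual_scan_count() { residual_scan | grep -c ''; }
missed_count()        { missed_by_keywords | grep -c ''; }

# Stand-alone run: print only what the keyword scan would not have shown.
missed_by_keywords
```

On the sample, the keyword scan shows 3 lines while the residual view shows 6; the 3 extra ones (the upper-case FAILED LOGIN, a root login on the console, a tcp_wrappers refusal) are exactly the lines nobody had thought to put on the keyword list.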