[785] in Intrusion Detection Systems
RE: Signs of an Intruder
daemon@ATHENA.MIT.EDU (Swee-Chuan Khoo)
Sun Dec 1 20:40:29 1996
Date: Thu, 28 Nov 1996 08:21:58 +0800
To: ids@uow.edu.au
From: Swee-Chuan Khoo <sckhoo@tm.net.my>
Reply-To: ids@uow.edu.au
At 06:27 PM 11/25/96 EST, you wrote:
>to detect what has changed and protect your logs by sending them off to
>a secured environment.
Yeah, that seems like a good idea. I got an intruder who used a valid account
to telnet in, mess around and also modify the log file.
A couple of mails ago, someone mentioned making the loghost very secure,
something about UDP and turning off the xmit line. Can you elaborate?
thanx.
+-----------------------------------------------------------------------+
| Khoo Swee Chuan - TMnet system administrator |
| http://www.asiapac.net/~sckhoo/ sckhoo@asiapac.net |
| tel:603-7337757 fax:603-7345577 #include <std.disclaimer> |
| ****** To join MYISOC mailing list, try majordomo@tm.net.my ******** |
+-----------------------------------------------------------------------+
Contrary to popular belief, Unix is user friendly. It just happens
to be very selective about who it decides to make friends with.