[801] in Intrusion Detection Systems
RE: Signs of an Intruder
daemon@ATHENA.MIT.EDU (Dwight Hubbard)
Thu Dec 5 02:16:43 1996
From: Dwight Hubbard <dhubbard@mail.cedarnet.com>
To: "'ids@uow.edu.au'" <ids@uow.edu.au>
Date: Mon, 2 Dec 1996 08:31:35 -0600
Reply-To: ids@uow.edu.au
The nice thing about writing to some sort of computer-readable media is it's much
easier to run a script on the logs.
----------
From: Quantum[SMTP:quantum@obsidian.cse.fau.edu]
Sent: Monday, November 25, 1996 11:02 PM
To: 'ids@uow.edu.au'
Subject: RE: Signs of an Intruder
Or a more plausible idea is to log to paper.
>
> Why not just log everything to write once media such as a Worm drive...
>
> I also believe there is some help in using "security through obscurity",
> whereby you place wrapper logs etc. in a logfile where a whole lot of
> irrelevant logging goes too (for example, the ftp xferlog, or somesuch).
>
> ...I mean while we are on the issue of "more secure". Nothing is, of
> course.
>
> Tor.
>
> >
> > One problem here is that the knowledgable hacker also knows where to
> > look and will clean up after/during the attack. Therefore wrappers
> > and secondary logging to an alternate host is a more secure way (note
> > I say more secure and not secure) of ensuring audit trails are valid.
>