[803] in Intrusion Detection Systems
Re: searching logs for key phrases
daemon@ATHENA.MIT.EDU (Serendipity favors the fool...)
Wed Dec 11 01:38:24 1996
Date: Thu, 5 Dec 1996 17:13:54 -0500 (EST)
From: "Serendipity favors the fool..." <sfuze@escape.com>
To: Guido van Rooij <Guido.vanRooij@nl.cis.philips.com>
Cc: ids@uow.edu.au
In-Reply-To: <199611271302.OAA21450@spooky.lss.cp.philips.com>
Reply-To: ids@uow.edu.au

On Wed, 27 Nov 1996, Guido van Rooij wrote:
> Mike Kienenberger wrote:
> >
> > Does anyone have other things you look for on a regular basis?
>
> It is in general a bad idea to scan for interesting things. What should
> be done instead is filter out the non-interesting ones.

Actually it is a bad idea to filter out the "non-interesting" things, as
a lot of people can do interesting things with the non-interesting things.
It is a better idea to telnet to your own mail port and find out the version
of sendmail/mail you are using and patch the hell out of it :)

-s/f.