[864] in Intrusion Detection Systems
Re: syslogd core
daemon@ATHENA.MIT.EDU (owner-ids@uow.edu.au)
Sun Jan 19 12:08:22 1997
From: owner-ids@uow.edu.au
To: ids@uow.edu.au
Date: Fri, 17 Jan 1997 12:29:44 -0400 (AST)
In-Reply-To: <199701132021.OAA01229@magnify.opr.com> from "Ivan Pulleyn" at Jan 13, 97 02:21:20 pm
From: dinn@moose.nstn.ca (Michael 'Moose' Dinn)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-ids
Precedence: bulk
Reply-To: ids
> I found a core from syslogd the other day on my Solaris 2.5.1 based firewall.
> We are running the FW-1 firewall that comes with Sun's Netra. The question
> is, what can I do with this core to determine if it was the result of any
> foul play? gdb tells me little, same thing with strings -a.
Stock Solaris syslogd will core dump if it receives a packet from an ip#
that doesn't resolve back into a hostname.
--
Michael 'Moose' Dinn \ Sun Life Skate Canada - LIVE on the Web
Michael.Dinn@iSTAR.Ca \
iSTAR Internet Inc. \ http://www.ctvistar.com
(902) 481-4524 Voice \
If you own a 1972 Mustang Convertible... I want to hear from you!