Security Basics mailing list archives
Re: Auditing / Logging
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 12 Jan 2004 16:12:34 -0500 (EST)
On Mon, 12 Jan 2004, Don Parker wrote:
> The simplest solution would be to simply log all activity using tcpdump in binary format. This decreases the file size, is faster, and allows you to manipulate it after. You can also input this binary log into any protocol analyzer afterwards as well, i.e. ethereal, etherpeek nx and the like. Doing the above also gives you and your client a copy of exactly what it is you have done during your pen test should there be any questions/complaints.
Which is great on the data being obtained, yet fails to retain the nature of the exact command that retrieved the data, so make sure one either tees all commands to a file <date stamps can help here> or one runs script or something. This helps if one has data results that are similar and they need to know which command applies to which data, as well as make it possible to dupe scenarios.

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!
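One way to do what the reply suggests, as an added example that is not part of the thread: a small POSIX sh wrapper that runs each assessment command, tees its output to a numbered file, and appends a date-stamped audit line recording the exact command line and exit status, so every result file maps back to the command that produced it. The AUDIT_LOG and AUDIT_DIR locations, the run-<n>.out naming and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Pairs each assessment command
# with its own output file and writes one audit line per run, so a result can
# always be traced to the exact command (and time) that produced it.
# AUDIT_LOG, AUDIT_DIR and the run-<n>.out naming are assumptions.
AUDIT_LOG="${AUDIT_LOG:-./audit.log}"
AUDIT_DIR="${AUDIT_DIR:-./audit-output}"

# audited_run <command> [args...]
# Runs the command, tees stdout+stderr to $AUDIT_DIR/run-<n>.out, appends
# "<UTC time> run=<n> exit=<status> cmd=<args joined by spaces>" to AUDIT_LOG,
# and returns the command's own exit status.
audited_run() {
    mkdir -p "$AUDIT_DIR"
    [ -f "$AUDIT_LOG" ] || : > "$AUDIT_LOG"
    run_id=$(( $(wc -l < "$AUDIT_LOG") + 1 ))      # next sequence number
    outfile="$AUDIT_DIR/run-$run_id.out"
    statusfile="$AUDIT_DIR/run-$run_id.status"
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    echo 0 > "$statusfile"
    # The command runs in the pipeline's subshell, so its status is passed
    # out through a file; the '||' form also survives 'set -e'.
    { "$@" 2>&1 || echo "$?" > "$statusfile"; } | tee "$outfile"
    status=$(cat "$statusfile")
    rm -f "$statusfile"
    printf '%s run=%s exit=%s cmd=%s\n' "$ts" "$run_id" "$status" "$*" >> "$AUDIT_LOG"
    return "$status"
}

# audit_entry <n>
# Prints the audit line for run <n> followed by the path of its output file,
# answering "which command produced this data?". Fails if <n> is unknown.
audit_entry() {
    grep " run=$1 " "$AUDIT_LOG" || return 1
    echo "$AUDIT_DIR/run-$1.out"
}

# Typical use during an assessment (commented out: needs root and an interface):
# audited_run tcpdump -i eth0 -w "$AUDIT_DIR/capture.pcap" -c 1000
```

Arguments are recorded joined by spaces, so shell quoting in the original command line is not preserved; wrap the invocation in a script file if the exact quoting matters.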