IDS mailing list archives
Re: how to verify whether an attack attempt is successful?
From: "Kurt Seifried" <bt () seifried org>
Date: Wed, 15 Jan 2003 13:27:19 -0800
Is there any technology developed in this direction?
If you mean reactive technology then there are things like host based IDS (tripwire, syscall logging, etc.). Generally if you get a report like "/etc/passwd changed" or "seteuid executed by user nobody" that's a good indication your system got penetrated. This is why people should log successful as well as unsuccessful security events (logins, file accesses, etc.). Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/
Current thread:
- how to verify whether an attack attempt is successful? Yan Zhai (Jan 15)
- Re: how to verify whether an attack attempt is successful? Huagang XIE (Jan 16)
- Re: how to verify whether an attack attempt is successful? Jose Nazario (Jan 16)
- Re: how to verify whether an attack attempt is successful? Kurt Seifried (Jan 16)
- <Possible follow-ups>
- RE: how to verify whether an attack attempt is successful? detmar . liesen (Jan 17)
- RE: how to verify whether an attack attempt is successful? Ron Gula (Jan 20)
- Re: how to verify whether an attack attempt is successful? Scott Wimer (Jan 21)
- Re: how to verify whether an attack attempt is successful? Yan Zhai (Jan 19)