Full Disclosure mailing list archives
Re: [inbox] Re: Reacting to a server compromise
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sun, 3 Aug 2003 14:20:28 -0700
----- Original Message -----
From: "Curt Purdy" <purdy () tecman com>
To: "'Jennifer Bradley'" <jenbradley () webmail co za>; <full-disclosure () lists netsys com>
Sent: Sunday, August 03, 2003 1:29 PM
Subject: RE: [inbox] Re: [Full-disclosure] Reacting to a server compromise
Jennifer, I made a reply to someone disagreeing with your statement on copying the drive, supporting your contention. However, most courts will not accept log files on magnetic media as evidence due to the ease of alteration. This is why we collect all logs on a central syslog server that writes directly to write-once media. That is irrefutable evidence.
and what if all the connections were via proxy on the charged person's computer??? let's convict innocent people, i think not. consider the simple tcpredirect or a proxy, running on ( Jennifer's ) system, omg look, Jennifer is being arrested for embezzling ABC company because ABC company's logs show Jennifer's ip address as the originating IP address. i'm still failing to see computer generated access logs based upon IP addresses as evidence.
Donnie Werner
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html