Honeypots mailing list archives
Question about logging
From: TJ O'Grady <tjogrady () flyingwithouta net>
Date: Thu, 5 Dec 2002 19:59:12 -0500
Hello, I am just getting my feet wet on some of the concepts in honeypots and intrusion detection. I was wondering if someone can point me in the direction of additional information on setting up logging. I am not understanding how a logging server can be available to copy logs to (via syslogd or some third party Windows tool) and yet not be vulnerable once the honeypot is compromised.
One solution I have come across involves disabling every service on a box except syslogd, except this still seems like it would be vulnerable, especially if the intruder was just trying to flood the log. And I'm not an SME on firewalls, so perhaps I am missing something.
Anyway, while I wouldn't expect an entire explanation in an email for such a broad subject, if anyone has thoughts on good sources I would appreciate it. I am not opposed to amazon.com links; I can get most texts at the local library with a wait.
Thanks, TJ O'Grady
Current thread:
- Question about logging TJ O'Grady (Dec 05)
- Re: Question about logging Valdis . Kletnieks (Dec 05)
- Re: Question about logging Curq (Dec 06)
- Re: Question about logging Floydman (Dec 06)
- <Possible follow-ups>
- Re: Question about logging Ryan Barnett (Dec 06)