Firewall Wizards mailing list archives

Re: FW: OK, I've been hacked, now what?


From: Crispin Cowan <crispin () cse ogi edu>
Date: Fri, 14 May 1999 00:03:23 -0700

kevin.sheldrake () baedsl co uk wrote:

I assume that Tripwire tracks changes to files.  How does it
distinguish between normal, everyday system usage and unauthorised access?

It has a heuristic for files that are "likely" to change (joe.user's
mailbox) and files that are "unlikely" to change (the login
executable).  It then gives you a report of the "surprising" file
changes, and you get to decide whether you care.  Naturally, this is
configurable.


Is it available for NT Server 4, NT Workstation 4, DEC Unix, Solaris?

Yes, yes, probably, and yes:  http://www.tripwiresecurity.com/

Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science, OGI
    NEW:  Protect Your Linux Host with StackGuard'd Programs  :FREE
       http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

                 Support Justice:  Boycott Windows 98
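
An added illustration of the approach described in the reply above (not part of the original message, and not Tripwire's own code or policy format): a baseline of file hashes is compared with the current state, and a configurable policy decides which changes are expected. The POLICY patterns, the file names and all function names are assumptions made for this example.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# Hypothetical policy (first match wins): "volatile" files are expected to
# change in normal use, "static" files are not.
POLICY = [("var/mail/*", "volatile"), ("bin/*", "static")]

def classify(path, policy=POLICY):
    for pattern, kind in policy:
        if fnmatch.fnmatchcase(path, pattern):
            return kind
    return "static"  # unlisted files are treated as unlikely to change

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def surprising_changes(baseline, current, policy=POLICY):
    """Report added, removed and modified files, skipping edits to volatile ones."""
    report = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        if old is not None and new is not None and classify(path, policy) == "volatile":
            continue  # expected churn, e.g. a mailbox receiving mail
        status = "added" if old is None else "removed" if new is None else "modified"
        report.append((status, path))
    return report

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        def write(rel, data):
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        write("bin/login", b"original login binary")
        write("var/mail/joe.user", b"From: a\n")
        baseline = snapshot(root)
        write("var/mail/joe.user", b"From: a\nFrom: b\n")  # normal usage
        write("bin/login", b"replaced login binary")       # unexpected
        write("bin/extra", b"new file")                    # unexpected
        return surprising_changes(baseline, snapshot(root))
```

In practice the baseline itself has to be stored where an intruder cannot rewrite it, otherwise the comparison proves nothing.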





