Firewall Wizards mailing list archives
Re: FW: OK, I've been hacked, now what?
From: Crispin Cowan <crispin () cse ogi edu>
Date: Fri, 14 May 1999 00:03:23 -0700
kevin.sheldrake () baedsl co uk wrote:
I assume that Tripwire tracks changes to files. How does it distinguish between normal, everyday system usage and unauthorised access?
It has a heuristic for files that are "likely" to change (joe.user's mailbox) and files that are "unlikely" to change (the login executable). It then gives you a report of the "surprising" file changes, and you get to decide whether you care. Naturally, this is configurable.
Is it available for NT Server 4, NT Workstation 4, DEC Unix, Solaris?
Yes, yes, probably, and yes: http://www.tripwiresecurity.com/ Crispin ----- Crispin Cowan, Research Assistant Professor of Computer Science, OGI NEW: Protect Your Linux Host with StackGuard'd Programs :FREE http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/ Support Justice: Boycott Windows 98
Current thread:
- RE: OK, I've been hacked, now what?, (continued)
- RE: OK, I've been hacked, now what? Scott, Richard (May 05)
- RE: OK, I've been hacked, now what? sedwards (May 07)
- RE: OK, I've been hacked, now what? Scott, Richard (May 07)
- RE: OK, I've been hacked, now what? Chris Tobkin (May 10)
- RE: OK, I've been hacked, now what? kevin . sheldrake (May 11)
- RE: OK, I've been hacked, now what? dbell (May 12)
- RE: OK, I've been hacked, now what? Peter Mayne (May 12)
- FW: OK, I've been hacked, now what? kevin . sheldrake (May 13)
- Re: FW: OK, I've been hacked, now what? Asmodeus (May 16)
- Re: FW: OK, I've been hacked, now what? Joseph S D Yao (May 16)
- Re: FW: OK, I've been hacked, now what? Crispin Cowan (May 16)
- Re: FW: OK, I've been hacked, now what? Lance Spitzner (May 16)
- Re: FW: OK, I've been hacked, now what? Cohen Liota (May 16)
- Re: FW: OK, I've been hacked, now what? dreamwvr (May 16)