Firewall Wizards mailing list archives
Re: FW: OK, I've been hacked, now what?
From: dreamwvr <dreamwvr () dreamwvr com>
Date: Thu, 13 May 1999 13:50:34 -0600
hi,
Solaris yes.. and DEC UNIX AFAIK. it uses checksums to
determine trust of files. you set it up to treat files differently
using rules.. there also might be a nt version although
i am not certain of that:-} but it would cost you $$ will no
better results IMHO. as a pretty gui does not secure you from
what occurs under the surface;-)
Regards,
dreamwvr () dreamwvr com
At 06:40 PM 5/12/99 +0100, kevin.sheldrake () baedsl co uk wrote:
I assume that Tripwire tracks changes to files. How does it distinguish between normal, everyday system usage and unauthorised access? Is it available for NT Server 4, NT Workstation 4, DEC Unix, Solaris? Kevin Sheldrake CCIS Prototypes and Demonstrations British Aerospace Defence Systems [+44 | 0] 1202 408035, kevin.sheldrake () baedsl co uk-----Original Message----- From: Peter Mayne [SMTP:Peter.Mayne () digital com] Sent: 12 May 1999 04:08 Tripwire will do pretty reasonable job of telling you what's changed. This need not be expensive. PJDM ---- Peter Mayne, Compaq Computer Australia, Canberra, ACT These are my opinions, and have nothing to do with Compaq. A room without books is like a body without a soul. - Cicero-----Original Message----- From: kevin.sheldrake () baedsl co uk[SMTP:kevin.sheldrake () baedsl co uk]Sent: Tuesday, May 11, 1999 6:38 PM To: firewall-wizards () nfr net Subject: RE: OK, I've been hacked, now what? After an attack has been discovered, the victim (company)mustinvestigate the damage to the liberated system. This could involvemanuallychecking all files in all directories for alteration. Following this,thesystem should then be checked in order to detect any external copying offiles(this could involve the system logs or a network traffic monitor.) These two activities are expensive.
Reuters, London, February 29, 1998:
Scientists have announced discovering a meteorite which will strike the
earth in March, 2028. Millions of UNIX coders expressed relief for being
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________
************** DREAMWVR.COM - TOTAL INTERNET SERVICES ****************
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
<http://www.dreamwvr.com/services/MAX_SEC.html>
DREAMWVR.COM - The Console of Many... 24 X 7 Evolution Internet
<http://www.dreamwvr.com/dynamicduo.html> <mailto:dreamwvr () dreamwvr com>
-> Linux-Mandrake Solution Provider and North American Distributor <-
<http://www.dreamwvr.com/mandrake/mandrake-dist.html>
"As Unique as the Company You Keep." "===0 PGP Key Available
________________________________________________________________________
Current thread:
- RE: OK, I've been hacked, now what?, (continued)
- RE: OK, I've been hacked, now what? Chris Tobkin (May 10)
- RE: OK, I've been hacked, now what? kevin . sheldrake (May 11)
- RE: OK, I've been hacked, now what? dbell (May 12)
- RE: OK, I've been hacked, now what? Peter Mayne (May 12)
- FW: OK, I've been hacked, now what? kevin . sheldrake (May 13)
- Re: FW: OK, I've been hacked, now what? Asmodeus (May 16)
- Re: FW: OK, I've been hacked, now what? Joseph S D Yao (May 16)
- Re: FW: OK, I've been hacked, now what? Crispin Cowan (May 16)
- Re: FW: OK, I've been hacked, now what? Lance Spitzner (May 16)
- Re: FW: OK, I've been hacked, now what? Cohen Liota (May 16)
- Re: FW: OK, I've been hacked, now what? dreamwvr (May 16)