Date: Fri, 01 Dec 2000 06:37:44 -0800
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: mwlucas@exceptionet.com
Cc: scrappy@hub.org (The Hermit Hacker), kris@FreeBSD.ORG, sriva@gufi.org, security@FreeBSD.ORG
Subject: IDS (was: Re: FreeBSD hacked?)
Message-ID: <200012011438.eB1EcHO47163@cwsys.cwsent.com>
In-Reply-To: Your message of "Thu, 30 Nov 2000 12:32:41 EST." <200011301732.MAA08853@easeway.com>

In message <200011301732.MAA08853@easeway.com>, mwlucas@exceptionet.com writes:
> [picking this message to respond to in general, not you in particular]
> Besides, the hackers *claim* it was a "harmless" intrusion. Kris must be
> going nuts finding out what else was changed, or confirming nothing else
> was. We've all been there.
>
> IIRC, Freefall's been rooted before. It'll probably be rooted again. A
> security admin's job sucks, but life goes on.

An IDS like tripwire or aide will help in this department. Of course
there are limitations, e.g. rootkits that install themselves as kernel
mods, and there are extra things that need to be done to improve tripwire's
or aide's ability to withstand database corruption, but it is better
than doing nothing at all.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/DEC Team     Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message