Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 Apr 2001 10:43:13 -0600 (MDT)
From:      Nate Williams <nate@yogotech.com>
To:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc:        Raoul Schroeder <memphis_ms@gmx.net>, Kris Kennaway <kris@obsecurity.org>, fukuda shinichi <fukuda@alles.ad.jp>, freebsd-security@FreeBSD.ORG
Subject:   Re: unknown process 
Message-ID:  <15072.26401.630643.257226@nomad.yogotech.com>
In-Reply-To: <200104201142.f3KBgxM10140@cwsys.cwsent.com>
References:  <3ADEFE00.812EA0A3@gmx.net> <200104201142.f3KBgxM10140@cwsys.cwsent.com>

next in thread | previous in thread | raw e-mail | index | archive | help
> > > Take your system off the net and check it for signs of intrusion.
> > >
> > > Kris
> > 
> > Just a quick question: How does one check for signs of intrusion. The FreeBSD
> > handbook does not really talk a lot about this.
> > Is there a good documentation about this?
> 
> Install an IDS immediately after installation, then use it.  This is 
> not a 100% solution but IMO one of the better solutions in your toolkit.

Unfortunately, the most common IDS out there require your machine be
more 'open' than necessary.

(ie; you leave the system open, and it closes them down with firewall
entries, rather than just leaving the non-used ports closed down.)



Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15072.26401.630643.257226>