From: Nate Williams
Reply-To: nate@yogotech.com (Nate Williams)
Date: Fri, 20 Apr 2001 10:43:13 -0600 (MDT)
To: Cy Schubert - ITSD Open Systems Group
Cc: Raoul Schroeder, Kris Kennaway, fukuda shinichi, freebsd-security@FreeBSD.ORG
Subject: Re: unknown process
Message-ID: <15072.26401.630643.257226@nomad.yogotech.com>
In-Reply-To: <200104201142.f3KBgxM10140@cwsys.cwsent.com>
References: <3ADEFE00.812EA0A3@gmx.net> <200104201142.f3KBgxM10140@cwsys.cwsent.com>

> > > Take your system off the net and check it for signs of intrusion.
> > >
> > > Kris
> >
> > Just a quick question: How does one check for signs of intrusion? The FreeBSD
> > handbook does not really talk a lot about this.
> > Is there a good documentation about this?
>
> Install an IDS immediately after installation, then use it. This is
> not a 100% solution but IMO one of the better solutions in your toolkit.

Unfortunately, the most common IDS out there require your machine be
more 'open' than necessary.
(i.e., you leave the system open, and it closes them down with firewall
entries, rather than just leaving the non-used ports closed down.)

Nate