Date: Fri, 20 Apr 2001 10:43:13 -0600 (MDT) From: Nate Williams <nate@yogotech.com> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Raoul Schroeder <memphis_ms@gmx.net>, Kris Kennaway <kris@obsecurity.org>, fukuda shinichi <fukuda@alles.ad.jp>, freebsd-security@FreeBSD.ORG Subject: Re: unknown process Message-ID: <15072.26401.630643.257226@nomad.yogotech.com> In-Reply-To: <200104201142.f3KBgxM10140@cwsys.cwsent.com> References: <3ADEFE00.812EA0A3@gmx.net> <200104201142.f3KBgxM10140@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Take your system off the net and check it for signs of intrusion. > > > > > > Kris > > > > Just a quick question: How does one check for signs of intrusion. The FreeBSD > > handbook does not really talk a lot about this. > > Is there a good documentation about this? > > Install an IDS immediately after installation, then use it. This is > not a 100% solution but IMO one of the better solutions in your toolkit. Unfortunately, the most common IDS out there require your machine be more 'open' than necessary. (ie; you leave the system open, and it closes them down with firewall entries, rather than just leaving the non-used ports closed down.) Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15072.26401.630643.257226>