Date: Fri, 20 Apr 2001 11:13:21 -0700
From: Cy Schubert <cschuber@uumail.gov.bc.ca>
To: nate@yogotech.com (Nate Williams)
Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Raoul Schroeder <memphis_ms@gmx.net>, Kris Kennaway <kris@obsecurity.org>, fukuda shinichi <fukuda@alles.ad.jp>, freebsd-security@FreeBSD.ORG
Subject: Re: unknown process
Message-ID: <200104201814.f3KIE6p05737@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Fri, 20 Apr 2001 10:43:13 MDT." <15072.26401.630643.257226@nomad.yogotech.com>
In message <15072.26401.630643.257226@nomad.yogotech.com>, Nate Williams writes:
> > > > Take your system off the net and check it for signs of intrusion.
> > > >
> > > > Kris
> > >
> > > Just a quick question: How does one check for signs of intrusion. The FreeBSD
> > > handbook does not really talk a lot about this.
> > > Is there a good documentation about this?
> >
> > Install an IDS immediately after installation, then use it. This is
> > not a 100% solution but IMO one of the better solutions in your toolkit.
>
> Unfortunately, the most common IDS out there require your machine be
> more 'open' than necessary.
>
> (ie; you leave the system open, and it closes them down with firewall
> entries, rather than just leaving the non-used ports closed down.)

Actually, the IDS I had in mind was Tripwire.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message