Date: Wed, 1 Dec 1999 13:36:21 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: Jason Hudgins <thanatos@incantations.net> Cc: freebsd-security@freebsd.org Subject: Re: logging a telnet session Message-ID: <Pine.BSF.4.21.9912011334370.26230-100000@hub.freebsd.org> In-Reply-To: <Pine.BSF.4.10.9912011525590.16289-100000@eddie.incantations.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 1 Dec 1999, Jason Hudgins wrote: > > The problem with using the cracked box to watch itself is kind of obvious > > given that your intruder has the same level of privileges as you do. You > > really want to be doing this from a safe secondary system. > > And why is that exactly? Pardon me if I'm simply ignorant, but what is > the "problem", and why would a secondary system be perferrable. Because the attacker can simply disable all of your logging, and/or replace them with false logs - you have to assume they know what you're doing and will take steps against it (or they already have). A second system watching the packet stream can't be subverted without also breaking into _that_ one, which is much more difficult if you configure it restrictively. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.9912011334370.26230-100000>