[lug] logs
John Hernandez
John.Hernandez at noaa.gov
Mon Jul 30 10:40:46 MDT 2001
"D. Stimits" wrote:
> Sending logs via email to a machine that is
> completely isolated from the breached machine is a way to do that
> (separate machines with no direct interface).
>
> D. Stimits, stimits at idcomm.com
The problem with e-mail as an alternative to UDP logging is that by the time your cron job fires up to e-mail the logs, the intruder has already covered his tracks. A combination of the two techniques, where logs are e-mailed to a remote account by the UDP loghost, may be the best defense.
>
> >
> > I must have misunderstood what you were saying...
> >
> > Sean
> > --
> > Let's just say that your monkeys aren't quite typing Shakespeare.
> > -- Sean Reifschneider, speaking about Quicken support, 2001
> > Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> > tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
--
- John Hernandez - Network Engineer - 303-497-6392 -
| National Oceanic and Atmospheric Administration |
| Mailstop R/OM12. 325 Broadway, Boulder, CO 80305 |
----------------------------------------------------
More information about the LUG
mailing list