Firewall Wizards mailing list archives

Re: FW: OK, I've been hacked, now what?
From: Crispin Cowan <crispin () cse ogi edu>
Date: Fri, 14 May 1999 00:03:23 -0700

kevin.sheldrake () baedsl co uk wrote:

I assume that Tripwire tracks changes to files.  How does it
distinguish between normal, everyday system usage and unauthorised
access?

It has a heuristic for files that are "likely" to change (joe.user's
mailbox) and files that are "unlikely" to change (the login
executable).  It then gives you a report of the "surprising" file
changes, and you get to decide whether you care.  Naturally, this is
configurable.


Is it available for NT Server 4, NT Workstation 4, DEC Unix, Solaris?

Yes, yes, probably, and yes:  http://www.tripwiresecurity.com/

Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science, OGI
    NEW:  Protect Your Linux Host with StackGuard'd Programs  :FREE
       http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

                 Support Justice:  Boycott Windows 98
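
The kind of check described in the message above, as an added example that is not part of the original post and is not Tripwire's own code or configuration format: a baseline of file hashes is compared with the current state, and only changes to files classed as unlikely to change are reported. The policy table, class names and file tree are constructed for illustration.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# Hypothetical policy, constructed for this example: first matching glob wins.
# "volatile" files are expected to change; "static" files are not.
# The final "*" entry is a catch-all (assumption: unlisted files are static).
POLICY = [("mail/*", "volatile"), ("bin/*", "static"), ("*", "static")]


def classify(path):
    return next(cls for pattern, cls in POLICY if fnmatch.fnmatch(path, pattern))


def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def surprising_changes(baseline, current):
    """List (path, event) for static files that were added, removed or modified."""
    report = []
    for path in sorted(set(baseline) | set(current)):
        if classify(path) == "volatile":
            continue  # expected churn, e.g. a user's mailbox
        if path not in current:
            report.append((path, "removed"))
        elif path not in baseline:
            report.append((path, "added"))
        elif baseline[path] != current[path]:
            report.append((path, "modified"))
    return report


def demo():
    """Baseline a constructed tree, change a mailbox and the login binary, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in (("mail/joe.user", b"msg 1\n"), ("bin/login", b"original\n")):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        baseline = snapshot(root)
        (root / "mail/joe.user").write_bytes(b"msg 1\nmsg 2\n")  # normal use
        (root / "bin/login").write_bytes(b"replaced\n")          # unexpected change
        (root / "bin/extra").write_bytes(b"new file\n")          # unexpected new file
        return surprising_changes(baseline, snapshot(root))
```

The baseline is only as trustworthy as where it is stored: if it sits on the monitored host, whoever can replace `bin/login` can also rewrite the recorded hash.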