Intrusion Detection Systems mailing list archives

intruder clues

From: Jim.Meritt () wang com (Meritt, Jim)
Date: Mon, 24 Apr 2000 11:29:27 -0400


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
If a corporation/organization/whatever has NOT implemented an IDS, what do
you (the reader specifically) look for/at during after-the-event intrusion
detection?

I'm looking for individual responses other than real-time clues (the system
isn't even connected to the network any more) and the multitude of log files
(a system may, or may not, have varied logging enabled)

_______________________
The opinions expressed above are my own.  The facts simply are and belong to
none. 
James W. Meritt, CISSP, CISA
Senior Secure Systems Engineer at Wang Government Services, Inc.

Current thread:

[Fwd: [Fwd: Fwd: Emergency...Pls Forward This To Everyone You Know]] madhurs () mahindrabt com (Apr 12)
- Re: [Fwd: [Fwd: Fwd: Emergency...Pls Forward This To Everyone You Know]] walter sulym (Apr 12)
- Re: [Fwd: [Fwd: Fwd: Emergency...Pls Forward This To Everyone You Know]] Ki.Ki.Ki...Kiran (Apr 23)
- IDS Focus Area at SecurityFocus.com Jensenne Roculan (Apr 24)
- intruder clues Meritt, Jim (Apr 24)
  - Re: intruder clues flynngn () jmu edu (Apr 24)
    - Re: intruder clues Philippe Bourgeois (Apr 25)
  - Re: intruder clues Lance Spitzner (Apr 25)
  - Scanning on tcp port 27374 Benninghoff, John (Apr 26)
    - Re: Scanning on tcp port 27374 Gary Flynn (Apr 27)
    - Re: Scanning on tcp port 27374 DPG (Apr 27)
    - Re: Part 2 Scanning on tcp port 27374 DPG (Apr 27)
    - strings in backdoor binaries Meritt, Jim (Apr 27)
    - Re: strings in backdoor binaries Anton Chuvakin (Apr 28)
    - Re: strings in backdoor binaries Gary Flynn (Apr 28)

(Thread continues...)