preparing for case of emergency
Hello!
I have done my best to make my firewall/router secure according to
several security howtos (in this place, many thanks to the authors of
the Debian security howto). I think I am really getting into this
"security stuff" :)
I am running a not very busy website and FTP server, so I can afford to
receive snort alarms in real time via email to my internal account,
because there aren't many. Due to work, I spend a lot of time at this
account, so chances are high that I am present when an attack is done.
My question now is, what can I really do in real time against an ongoing
attack? Are there any interesting reads I wasn't able to find?
Many thanks for your help!
Klaus