Re: preparing for case of emergency



If you are physically present when an attack is happening and doing the following won't adversely affect any business transactions, simply unplug the NIC until you can figure out what he did and secure the box.  Disabling the network at layer 1 is the only true way to keep the attacker out of the compromised box.

Phil

-----Original Message-----
From: Klaus Koch <kkoch@kxsu.de>
To: debian-security@lists.debian.org
Date: Mon, 11 Feb 2002 11:26:57 +0100
Subject: preparing for case of emergency

hello!

I have done my best to make my firewall/router secure according to 
several security howtos (in this place, many thanks to the authors of 
the debian security howto). I think I am really getting into this 
"security stuff" :)
I am running a not very busy website and ftp-server, so I can afford to 
receive snort alarms in realtime via email to my internal account, 
because there aren't many. Due to work, I spend a lot of time at this 
account, so chances are high that I am present when an attack is done.
My question now is, what can I really do in realtime against an ongoing
attack? Are there any interesting reads I wasn't able to find?

Many thanks for your help!


Klaus


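Phil's advice is to pull the cable. The one thing that costs you is the volatile state (open connections and the processes holding them, logins, ARP and routing tables) that is gone the moment the link drops, and that is exactly what you need when you later "figure out what he did". The script below is an added example and is not code from either poster: it snapshots that state into a timestamped directory first, then offers a software link-down as a stopgap for when nobody can reach the cable. As Phil says, that stopgap is not layer 1 isolation; an attacker with root can bring the interface back up. It assumes a Linux host with a POSIX sh; collectors such as `ss`, `ip` and `last` are skipped when absent, and the interface name `eth0` in the usage line is a placeholder.

```shell
#!/bin/sh
# Added example, not from the debian-security thread.
# Grab volatile evidence before isolating the host, because unplugging the
# NIC destroys the connection table that tells you where the attacker is.
# Assumes: POSIX sh on GNU/Linux; missing tools are recorded, not fatal.

# collect NAME CMD ARGS... : run CMD and save its output as $DIR/NAME.
# A missing tool is noted in the file so the gap is visible later.
collect() {
    name=$1; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" > "$DIR/$name" 2>&1 || true   # a failing collector must not abort the run
    else
        echo "tool $1 not available on this host" > "$DIR/$name"
    fi
}

# snapshot_volatile_state [DIR] : write the snapshot and print the directory path.
snapshot_volatile_state() {
    DIR=${1:-/tmp/ir-$(date +%Y%m%d%H%M%S)}
    mkdir -p "$DIR"
    collect sockets.txt     ss -tunap        # live TCP/UDP sockets with owning PIDs
    collect sockets_alt.txt netstat -tunap   # same data on older systems
    collect processes.txt   ps auxww         # full process list, unwrapped command lines
    collect logins.txt      who              # who is logged in right now
    collect last.txt        last -n 50       # recent login history
    collect routes.txt      ip route         # routing table (watch for added routes)
    collect arp.txt         ip neigh         # ARP/neighbour cache
    collect modules.txt     lsmod            # loaded kernel modules
    collect uptime.txt      uptime
    # Fix the snapshot's content with hashes so later tampering is detectable.
    if command -v sha256sum >/dev/null 2>&1; then
        (cd "$DIR" && sha256sum ./*.txt > SHA256SUMS) || true
    fi
    echo "$DIR"
}

# isolate_link IFACE : software stopgap when the cable is out of reach.
# Only acts when CONFIRM=1; otherwise it reports what it would do.
# This is not the layer 1 isolation Phil describes: root on the box can undo it.
isolate_link() {
    iface=$1
    if [ "${CONFIRM:-0}" = "1" ]; then
        ip link set "$iface" down
    else
        echo "would run: ip link set $iface down"
    fi
}

# Typical use on the compromised host (eth0 is a placeholder):
#   dir=$(snapshot_volatile_state) && echo "evidence in $dir"
#   CONFIRM=1 isolate_link eth0     # then go and pull the cable
```

Copy the snapshot directory off the box (serial console, USB, or a second administrative interface) before you trust anything else the host tells you; the binaries that produced it may themselves have been replaced.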