On Sun, 15 Jun 2003, eyem wrote:

> > Good luck... The only good thing about being compromised is that it
> > makes you more paranoid about being on the net.
>
> paranoid I now am!!
>
> I always found the concept of script kiddies amusing ... but if I ever found
> this guy I'd wring his neck. Is there any way I can track him down ? (I have
> already backed up some stuff and wiped my hard drive)
>
> After following the debian "how to secure your system" instructions, I would
> like to go a step further and install snort or something. Is that going too
> far? ... is snort the relevant thing ?

You must understand that Snort, ACID or any other IDS setup does not
provide any protection against threats. They just monitor what takes place
in the network.

To really protect against break-ins, install a system monitor. There are
a few Tripwire-like programs. Tiger is a set of scripts, AIDE is perhaps the
best known, Samhain is the one I've been eyeing myself.

You won't get the same level of protection as simply unplugging the
boxes, but - when used properly - you should get a comprehensive listing
of what exactly has been changed in the system. At least it makes the
rebuilding process a bit less brutal an experience.

-- 
 Mika Boström      +358-50-410-9042  \-/  "The Hell is empty,
 Bostik@lut.fi    www.lut.fi/~bostik  X    and all the devils
 Security freak, and proud of it.    /-\   are here." -W.S.
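An added example, not part of the original message and not code from Tripwire, AIDE, Tiger or Samhain: a minimal baseline-and-compare integrity check in Python showing the kind of "what exactly has been changed" listing the reply describes. The file names, contents and the `snapshot`, `compare`, `write` and `demo` helpers are constructed for illustration.

```python
import hashlib, os, stat, tempfile
FIELDS = ("sha256", "mode", "uid", "gid", "size")

def snapshot(root):
    """Record hash, mode, owner and size for each regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are skipped here
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = (
                digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, st.st_size)
    return db

def compare(baseline, current):
    """Return (status, path, changed_fields) for every difference, by path."""
    report = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        status = "added" if old is None else "removed" if new is None else "changed"
        fields = [f for f, a, b in zip(FIELDS, old or (), new or ()) if a != b]
        report.append((status, path, fields))
    return report

def write(root, rel, data, mode=0o644):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)

def demo():
    """Constructed tree: take a baseline, alter the tree, report differences."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "bin/ls", b"original ls binary\n", 0o755)
        write(root, "etc/inetd.conf", b"# no services\n")
        baseline = snapshot(root)  # keep the baseline off-host or on read-only media
        write(root, "bin/ls", b"replaced ls binary\n", 0o755)  # same size
        os.chmod(os.path.join(root, "etc/inetd.conf"), 0o666)
        write(root, "usr/lib/added.so", b"\x7fELF")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The replaced `bin/ls` keeps its size and mode, so only the hash comparison flags it; a listing based on size or permissions alone would miss that change.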