
Re: cracked? "rm uses obsolete (PF_INET,SOCK_PACKET)"

On Sun, 15 Jun 2003, eyem wrote:
> > Good luck... The only good thing about being compromised is that it
> > makes you more paranoid about being on the net. 
> paranoid I now am!!
> I always found the concept of script kiddies amusing ... but if I ever found 
> this guy I'd wring his neck. Is there any way I can track him down? (I have 
> already backed up some stuff and wiped my hard drive)
> After following the Debian "how to secure your system" instructions, I would 
> like to go a step further and install Snort or something. Is that going too 
> far? ... is Snort the relevant thing?

  You must understand that Snort, ACID or any other IDS setup does not
provide any protection against threats. They just monitor what takes
place in the network.

  To really protect against break-ins, install a system monitor. There
are a few Tripwire-like programs. Tiger is a set of scripts, AIDE is
perhaps the best known, Samhain is the one I've been eyeing myself.

  You won't get the same level of protection as simply unplugging the
boxes, but - when used properly - you should get a comprehensive listing
of what exactly has been changed in the system. At least it makes the
rebuilding process a bit less brutal an experience.

 Mika Boström      +358-50-410-9042  \-/  "The Hell is empty,
 Bostik@lut.fi    www.lut.fi/~bostik  X    and all the devils
 Security freak, and proud of it.    /-\   are here." -W.S.
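
The baseline-and-compare idea behind the Tripwire-like tools named in the reply above, as an added example that is not part of the original post and is not how AIDE, Tiger or Samhain are implemented. The function names `snapshot`, `compare` and `demo` and the sample file tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            st = path.lstat()
            if stat.S_ISREG(st.st_mode):  # this sketch skips symlinks, devices, sockets
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                db[str(path.relative_to(root))] = (digest, stat.S_IMODE(st.st_mode))
    return db  # keep the stored baseline off the monitored host, or it can be altered too

def compare(baseline, current):
    """Return (change, path) pairs, ordered by path, for everything that differs."""
    report = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report.append(("added", path))
        elif new is None:
            report.append(("removed", path))
        else:
            if old[0] != new[0]:
                report.append(("content", path))
            if old[1] != new[1]:
                report.append(("mode", path))
    return report

def demo():
    """Constructed sample tree: baseline it, change four things, list the changes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("rm", "ls", "ps"):
            Path(root, name).write_bytes(b"original " + name.encode())
            os.chmod(Path(root, name), 0o755)
        baseline = snapshot(root)  # taken while the tree is known good
        Path(root, "rm").write_bytes(b"replaced rm")  # same size, different content
        os.chmod(Path(root, "ls"), 0o4755)  # setuid bit added, content untouched
        Path(root, "ps").unlink()
        Path(root, "newfile").write_bytes(b"not in the baseline")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for change, path in demo():
        print(f"{change:8} {path}")
```

The replaced `rm` keeps its original size and mode, so only the digest comparison reports it.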
