Jose Nazario <joseat_private> writes:

> i wanted to ask if anyone knows of any tools that explicitly are
> designed to basically hack logfiles but without getting access to
> the system (ie rm -f /var/log/SYSLOG). what you do is you abuse the
> server's respect of the backspace character to overwrite your
> malicious request with a more normal looking one.

Apache just writes all log output to the appropriate file descriptor.
So a hacker can't hide things as long as we use a viewer that doesn't
process backspaces, especially across line boundaries, e.g.:

    less -U /var/www/logs/access_log

Grepping for funny characters in logfiles that don't normally contain
them is part of basic IDS, no?
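The check suggested in the reply above, as an added example that is not part of the original message: it flags access-log lines containing control bytes and shows the escaped raw bytes next to what a backspace-honouring viewer would display. The names `scan` and `naive_view` and the two sample log lines are constructed for illustration.

```python
import re

# C0 control bytes except tab, plus DEL. None belong in an access log.
# Backspace (0x08) and carriage return (0x0d) are the ones that let later
# text overwrite earlier text in a viewer that processes them.
SUSPECT = re.compile(rb"[\x00-\x08\x0b-\x1f\x7f]")

def naive_view(line: bytes) -> bytes:
    """Approximate what a viewer that honours BS and CR would display."""
    out, col = bytearray(), 0
    for b in line:
        if b == 0x08:            # backspace: move cursor left one column
            col = max(col - 1, 0)
        elif b == 0x0d:          # carriage return: back to column 0
            col = 0
        else:                    # overwrite in place, or append at the end
            out[col:col + 1] = bytes([b])
            col += 1
    return bytes(out)

def scan(lines):
    """Return (line_no, escaped_raw, displayed) for each suspect line."""
    hits = []
    for n, line in enumerate(lines, 1):
        line = line.rstrip(b"\n")
        if SUSPECT.search(line):
            raw = line.decode("latin-1").encode("unicode_escape").decode("ascii")
            hits.append((n, raw, naive_view(line).decode("latin-1")))
    return hits

# Constructed sample input (documentation addresses, made-up paths).
SAMPLE = [
    b'192.0.2.10 - - [10/Aug/2001:11:00:01 -0700] "GET /index.html HTTP/1.0" 200 1043\n',
    b'192.0.2.11 - - [10/Aug/2001:11:00:07 -0700] "GET /secret.txt'
    + b"\x08" * 11 + b'/index.html HTTP/1.0" 404 -\n',
]

if __name__ == "__main__":
    # For a real file: scan(open("/var/www/logs/access_log", "rb"))
    for n, raw, shown in scan(SAMPLE):
        print(f"line {n}: control bytes present")
        print(f"  raw:       {raw}")
        print(f"  displayed: {shown}")
```

Log files written with CRLF line endings will be flagged on every line; strip the trailing `\r` before scanning in that case.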
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:17:08 PDT