On Mon, Apr 01, 2002 at 12:12:11PM -0800, Devin Kowatch wrote: > You are right here, I was assuming (without realizing it) that the > machine A would be generating the hash, and sending it to the log server L. > And that L would not be keeping it's own hash. There are still > problems when the machine that is attacked is not logging to a remote > log server (as in the case of the central log server). Well, yes; that's why you have everything log to a pair of independent loghosts that don't have any trust relationship with each other but that also log local info to each other and that burn their data to WORM media in near-real-time. (Then you go looking for another job because you just got fired for blowing the entire IT budget on log infrastructure. :) ) -- Sweth. -- Sweth Chandramouli Idiopathic Systems Consulting svcat_private http://www.idiopathic.net/ --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Mon Apr 01 2002 - 14:31:41 PST