Re: [logs] Fight Back

• Previous message: Rainer Gerhards: "[logs] Secure Central Log Host"
• In reply to: H C: "Re: [logs] Fight Back"
• Next in thread: Ganu Skop: "Re: [logs] Fight Back"
• Next in thread: Jose Nazario: "Re: [logs] Fight Back"
• Reply: Ganu Skop: "Re: [logs] Fight Back"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> --- Ganu Skop <skopganuat_private> wrote:
>>I really would love to know what tool the
 >>intruder used. any idea ?

I'm interested in something which I think
is at least slightly similar.

I spend a fair bit of time doing OS log
analysis mostly for NT/W2K servers. One
of the things I've been doing is trying
to build up a list of scenarios which
cause "attack" patterns within the Sec
Logs.

Although, I'm wondering if such a list is
a good idea. I'd appreciate any feedback
from the list about the potential benefits
or drawbacks of such a list.

W 
K






_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Lubomir.Nistorat_private: "AW: [logs] Secure Central Log Host"
• Previous message: Rainer Gerhards: "[logs] Secure Central Log Host"
• In reply to: H C: "Re: [logs] Fight Back"
• Next in thread: Ganu Skop: "Re: [logs] Fight Back"
• Next in thread: Jose Nazario: "Re: [logs] Fight Back"
• Reply: Ganu Skop: "Re: [logs] Fight Back"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Oct 19 2002 - 07:07:28 PDT