I pretty much depend on looking for what is not normal (!=normal) so that I can define whether there is an attack, recon, etc. Isn't it good if someone has something like what is normal and what is not normal?

--- WindexKing <WindexKing@mor-lan-d.com> wrote:
>
> --- Ganu Skop <skopganuat_private> wrote:
>
> >>I really would love to know what tool the
> >>intruder used. Any idea?
>
> I'm interested in something which I think
> is at least slightly similar.
>
> I spend a fair bit of time doing OS log
> analysis mostly for NT/W2K servers. One
> of the things I've been doing is trying
> to build up a list of scenarios which
> cause "attack" patterns within the Sec
> Logs.
>
> Although, I'm wondering if such a list is
> a good idea. I'd appreciate any feedback
> from the list about the potential benefits
> or drawbacks of such a list.
>
> W
> K
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysisat_private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Oct 24 2002 - 17:37:32 PDT