It is good to know what is normal and what is not, but not many users (or "security experts") know that. But such log analysis requires lots of time and research. I very much doubt that there are many companies that have sufficient people for the job who have sufficient time to do research and investigation (if you know of any, let me know, as I'd like to work for them). Windows is pretty painful for log analysis, and from the info in the Security event log you can't judge if it's an attack or just a misbehavior. Therefore the list is very useful to have, as people don't have to reinvent the wheel and can solve the problem much sooner.

lubo

-----Original Message-----
From: Ganu Skop [mailto:skopganuat_private]
Sent: Wednesday, 23 October 2002 08:01
To: WindexKing; loganalysisat_private
Subject: Re: [logs] Fight Back

I pretty much depend on looking for what is not normal (!= normal) so that I can define if there is an attack or recon, etc. Isn't it good if someone has something like what is normal and what is not normal?

--- WindexKing <WindexKing@mor-lan-d.com> wrote:
>
>
> --- Ganu Skop <skopganuat_private> wrote:
>
>> I really would love to know what tool the
>> intruder used. Any idea?
>
> I'm interested in something which I think
> is at least slightly similar.
>
> I spend a fair bit of time doing OS log
> analysis, mostly for NT/W2K servers. One
> of the things I've been doing is trying
> to build up a list of scenarios which
> cause "attack" patterns within the Sec
> Logs.
>
> Although, I'm wondering if such a list is
> a good idea. I'd appreciate any feedback
> from the list about the potential benefits
> or drawbacks of such a list.
>
> W
> K
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysisat_private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
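The two approaches discussed in the thread above, the "!= normal" baseline comparison Ganu Skop relies on and the list of known Security-log attack scenarios WindexKing is compiling, worked through as an added example; this is not code from the thread or from any of its participants. The log records are constructed for the example. The event IDs are the pre-Vista Windows security event IDs (528 successful logon, 529 logon failure with bad user name or password, 517 audit log cleared); the thresholds `factor`, `floor` and `guesses` are arbitrary assumptions to be tuned per environment.

```python
"""Baseline-vs-window comparison and scenario matching over NT/W2K Security-log records."""
from collections import Counter, defaultdict

# Constructed sample records, not real log data: (timestamp, host, event_id, account).
# Assumed pre-Vista Windows security event IDs:
#   528 = successful logon, 529 = logon failure (bad user name or password),
#   517 = audit log cleared.
BASELINE = [  # one ordinary working day used as "what is normal"
    ("08:01", "SRV1", 528, "alice"),
    ("08:02", "SRV1", 528, "bob"),
    ("08:03", "SRV1", 529, "bob"),      # a single mistyped password is normal
    ("08:04", "SRV1", 528, "bob"),
    ("08:10", "SRV1", 528, "carol"),
    ("08:15", "SRV1", 528, "dave"),
    ("09:00", "SRV1", 528, "alice"),
    ("12:30", "SRV1", 529, "carol"),
    ("12:31", "SRV1", 528, "carol"),
    ("17:00", "SRV1", 528, "erin"),
]
WINDOW = [  # the period under review
    ("02:10", "SRV1", 529, "administrator"),
    ("02:10", "SRV1", 529, "administrator"),
    ("02:11", "SRV1", 529, "administrator"),
    ("02:11", "SRV1", 529, "administrator"),
    ("02:12", "SRV1", 529, "administrator"),
    ("02:12", "SRV1", 529, "administrator"),
    ("02:13", "SRV1", 528, "administrator"),
    ("02:20", "SRV1", 517, "administrator"),
    ("08:01", "SRV1", 528, "alice"),
    ("08:05", "SRV1", 528, "bob"),
]


def profile(records):
    """Frequency of (host, event_id) pairs; the baseline profile is 'normal'."""
    return Counter((host, eid) for _, host, eid, _ in records)


def anomalies(baseline, window, factor=2, floor=3):
    """The '!= normal' view: (host, event_id, observed, expected) for every pair in
    the window that was never seen in the baseline, or that exceeds both an
    absolute floor and `factor` times its baseline count (assumed thresholds)."""
    out = []
    for key, observed in window.items():
        expected = baseline.get(key, 0)
        if expected == 0 or observed > max(floor, factor * expected):
            out.append((key[0], key[1], observed, expected))
    return sorted(out)


def scenarios(records, guesses=5):
    """The scenario-list view: match known 'attack' patterns in record order.
    - >= `guesses` failed logons (529) for one account followed by a successful
      logon (528) on the same host: password guessing that succeeded.
    - any 517: the audit log was cleared, which is never part of a normal day."""
    failures = defaultdict(int)
    hits = []
    for ts, host, eid, account in records:
        if eid == 529:
            failures[(host, account)] += 1
        elif eid == 528:
            n = failures.pop((host, account), 0)
            if n >= guesses:
                hits.append((ts, host, account, f"{n} failed logons then success"))
        elif eid == 517:
            hits.append((ts, host, account, "audit log cleared"))
    # accounts still being hammered at the end of the window
    for (host, account), n in failures.items():
        if n >= guesses:
            hits.append((records[-1][0], host, account, f"{n} failed logons, no success"))
    return hits


if __name__ == "__main__":
    for row in anomalies(profile(BASELINE), profile(WINDOW)):
        print("not normal:", row)
    for hit in scenarios(WINDOW):
        print("scenario:", hit)
```

The two functions deliberately disagree on what they need: `anomalies` needs a baseline and knows nothing about attacks, so it also flags harmless novelty; `scenarios` needs no baseline but only finds what is already on the list. Run together, the baseline view points at the 529 spike and the never-seen 517, and the scenario view explains both.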
This archive was generated by hypermail 2b30 : Fri Oct 25 2002 - 09:27:40 PDT