Can I make a conclusion that anything that is not in an RFC is not normal?

--- Lubomir.Nistorat_private wrote:
> It is good to know what is normal and what is not, but not many users (or
> "security experts") know that.
> But such log analysis requires lots of time and research. I very much
> doubt that there are many companies that have sufficient people for the
> job who have sufficient time to do research and investigation (if you
> know of any, let me know, as I'd like to work for them).
>
> Windows is pretty painful for log analysis, and from the info in the sec
> eventlog you can't judge if it's an attack or just a misbehavior.
> Therefore the list is very useful to have, as people don't have to
> reinvent the wheel and solve the prob much sooner.
>
> lubo
>
> -----Original Message-----
> From: Ganu Skop [mailto:skopganuat_private]
> Sent: Wednesday, 23 October 2002 08:01
> To: WindexKing; loganalysisat_private
> Subject: Re: [logs] Fight Back
>
> I pretty much depend on looking for what is not normal (!=normal) so
> that I can define whether there is an attack or recon, etc.
> Isn't it good if someone has something like what is normal and what is
> not normal?
>
> --- WindexKing <WindexKing@mor-lan-d.com> wrote:
> >
> > > --- Ganu Skop <skopganuat_private> wrote:
> > >> I really would love to know what tool the
> > >> intruder used. Any idea?
> >
> > I'm interested in something which I think
> > is at least slightly similar.
> >
> > I spend a fair bit of time doing OS log
> > analysis, mostly for NT/W2K servers. One
> > of the things I've been doing is trying
> > to build up a list of scenarios which
> > cause "attack" patterns within the Sec
> > Logs.
> >
> > Although, I'm wondering if such a list is
> > a good idea. I'd appreciate any feedback
> > from the list about the potential benefits
> > or drawbacks of such a list.
> >
> > W
> > K
> >
> > _______________________________________________
> > LogAnalysis mailing list
> > LogAnalysisat_private
> > http://lists.shmoo.com/mailman/listinfo/loganalysis

=====
//skopganu
This archive was generated by hypermail 2b30 : Tue Oct 29 2002 - 09:53:37 PST