RE: [logs] RE: NT Event Log and Web Server Attacks

• Previous message: swatch swatch: "Re: [logs] swatchrc file"
• Maybe in reply to: Eric Fitzgerald: "[logs] RE: NT Event Log and Web Server Attacks"
• Next in thread: H C: "RE: [logs] RE: NT Event Log and Web Server Attacks"
• Next in thread: Kevin W. Gagel: "Re: [logs] RE: NT Event Log and Web Server Attacks"
• Reply: H C: "RE: [logs] RE: NT Event Log and Web Server Attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Instead of reacting to an incident after it has
> happened, try preventing the incident, or making it
> difficult for an incident to actually occur.

I fully agree on this. BUT: we all know we can not totally prevent an
intrusion. So I am trying to setup some basic (near-real time) rules
that will notify you when your other efforts have been broken. This is
why I see "you hopefully will never see this event".

Rainer
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Kevin W. Gagel: "Re: [logs] RE: NT Event Log and Web Server Attacks"
• Previous message: swatch swatch: "Re: [logs] swatchrc file"
• Maybe in reply to: Eric Fitzgerald: "[logs] RE: NT Event Log and Web Server Attacks"
• Next in thread: H C: "RE: [logs] RE: NT Event Log and Web Server Attacks"
• Next in thread: Kevin W. Gagel: "Re: [logs] RE: NT Event Log and Web Server Attacks"
• Reply: H C: "RE: [logs] RE: NT Event Log and Web Server Attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jan 18 2003 - 21:25:12 PST