Re: [logs] Re: Reliably detecting things like the SQL worm....

From: Nate Campi (nateat_private)
Date: Mon Jan 27 2003 - 14:34:59 PST

    Rainer Gerhards (rgerhardsat_private) @ Mon, Jan 27, 2003 at 09:47:03PM +0100:
    > The QoS is an interesting point. But back to my question: DID syslog
    > work under attack or not? Any experience or samples on that? I mean
    > real-world ones...

    Yes, mine did. My production networks have a "front" network for
    internet traffic, a "middle" net for server-to-server traffic, and a
    "back" net for administrative traffic. Syslog flowing over the
    administrative net (over TCP) was fine, even when the front-net might
    have been melting down (I'm not saying it was, that might be private

    OBTW, we'd probably be better with just a front-net and a mid-net, the
    extra burden of maintaining a third network doesn't really seem to be
    paying off (IMO, others around here may disagree).

    Nate Campi  Wired UNIX Operations  TerraLycos DNS Operations

    Perl - The only language that looks the same before and after RSA
    encryption.  -Keith Bostic

    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 14:49:05 PST