| To: | pen-test@securityfocus.com |
|---|---|
| Subject: | analysis after hack - marks and tracks you can see.. |
| From: | D.K. <dunkeeper@gmail.com> |
| Date: | Mon, 25 Jun 2007 01:11:59 +0200 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | pentest-list2@consult.net |
| Delivered-to: | mailing list pen-test@securityfocus.com |
| Delivered-to: | moderator for pen-test@securityfocus.com |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=cXdM0sOBDznfdLdrO9AZve72wixDgFaAw+Ywk2dXyn37Pg24kGNsJBqnFD4H/0hDkuvYJc8+GL+EA/kkGi68hpByJRRe/0CeUlr/YOID1nASYtTstcptPOmJ8W7x7EuY3UpM0mtDhzjwb30CbT5KyPWHxaNhbBGGFPFsceLL5g0= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=EIbEpaWoecEn63zO66FLyCffnSazWC+UYWvO03sOyXut3G1VG5sWwGFYHY4wWpoaxuMafZTdtjsgyalRkf8dVXQr+KePBgpfCRA4dvQt6KStbra3DMCyM0vyz9yHBwOSukQfKvNPTyHA+SOAyl93Cif9jFoZ2XsRh+99iTblZxI= |
| List-help: | <mailto:pen-test-help@securityfocus.com> |
| List-id: | <pen-test.list-id.securityfocus.com> |
| List-post: | <mailto:pen-test@securityfocus.com> |
| List-subscribe: | <mailto:pen-test-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:pen-test-unsubscribe@securityfocus.com> |
| Mailing-list: | contact pen-test-help@securityfocus.com; run by ezmlm |
| Resent-date: | Mon, 25 Jun 2007 18:22:17 -0600 (MDT) |
| Resent-from: | pen-test-return-1078484456@securityfocus.com |
| Resent-message-id: | <20070626002217.DC1BD143FDC@outgoing2.securityfocus.com> |
| Resent-sender: | listbounce@securityfocus.com |
| Sender: | listbounce@securityfocus.com |
Hi all, I want to open a discussion about [old||new||newest] methods in detection of "attendance an intruder in linux system". In general I'm interested in subject of analysis after hack, especially - what kind of a marks/track intruder leaves after himself. Where an administrator should look and for what he should looking for. What are typical and non typical signals which can say anybody who shouldn't is/was in the system. If anybody can describe for me methods and give real examples of use a method of discovering a intruder and a examples of a activity of an intruder and examples of marks and tracks which was or can be leave in a system I would be grateful Thank you for all responses ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: listening to people/offices when on-hold on the phone, Robin Wood |
|---|---|
| Next by Date: | Re: pen testing flash games., Jay |
| Previous by Thread: | pen testing flash games., zimblyzuper |
| Next by Thread: | Port Scanning Issues, crumdub12 |
| Indexes: | [Date] [Thread] [Top] [All Lists] |