Attack Detection tools, was: RE: [TriLUG] attack
Joseph Tate
dragonstrider at gmail.com
Thu Feb 24 13:54:58 EST 2005
http://www.chkrootkit.org/
On Tue, 22 Feb 2005 22:47:43 -0500, Brian Henning
<lugmail at cheetah.dynip.com> wrote:
> This makes me stop and think...
>
> Although I've noticed absolutely no strange behavior from my server, heaven
> knows it's probably a wonderful candidate for being rooted.. It's running a
> pretty old version of Linux, and I know that the ipchains are at least
> partially broken (hopefully broken-safe rather than broken-wide-open, but
> exactly---"hopefully"), and hasn't been updated in ages.. And it's directly
> connected to the Internet (it IS the firewall).
>
> So with that in mind, what are people's favorite tools to use to detect
> intrusion? I've heard of "rootkit detection tools" but know shamefully
> little about them, so I'm very interested in folks' suggestions.
>
> As I already mentioned, I've no particular reason to believe I HAVE been
> hacked.. but no particular reason to feel secure that I HAVEN'T, either...
>
> Cheers,
> ~Brian
>
--
Joseph Tate
Personal e-mail: jtate AT dragonstrider DOT com
Web: http://www.dragonstrider.com