Re: [cobalt-security] How to locate SUID = root files?
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Thu, 22 Mar 2001 14:06:40 +0100
- Organization: Forumworld.com
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Jason,
> I don't have an answer but how do you recognise when you have been
> port-scanned?
I use a tool called Portsentry (www.psionic.com). It can detect, report and
block portscans. However, the usage of portsentry is usually frowned upon by
some very vocal list members here.
Portsentry CAN be useful, but chances are that you lock yourself out of your
server if Portsentry is configured to block portscans. So far this happened
twice to me, but I use a dial-up connection without static IP to connect to
the internet. So I just cut the connection, dial back in so that my office
computer gets a new IP and then I remove the block of my old IP.
Portsentry is usually used in conjunction with Logwatch (from the same
company). That particular tool checks the logfiles for fishy activity and
reports them by email. Bound to a cronjob you can let it generate reports as
often as you'd like to have them. Logwatch needs to be customized a little as
the logfiles generated by RaQ3s are somewhat different from what it
originally expects.
--
Mit freundlichen Grüßen / Best regards
Michael Stauber
Stauber Multimedia Design ____ Phone: +49-6471-923812
Hauptstrasse 31 _________________ FAX: +49-6471-923813
D-56244 Goddert ____________________ michael@xxxxxxxxxxxxxx
Germany
SMD.NET _______ SOLARSPEED.NET _______ FORUMWORLD.COM