[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] IDS and established TCP/UDP sessions

Subject: [cobalt-security] IDS and established TCP/UDP sessions
From: Mike Jeffers <mjeffers@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 30 Nov 2001 22:48:44 -0600 (CST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Being the fresh recipient of some jerk's root kit, I'm looking at
installing some intrusion detection software and am looking for some
comments and suggestions from others about their experience.

Although I haven't installed it yet, Snort is where I'm most likely
headed, but want to hear from you guys.

My second question is this:

If you don't know the PID, how do you kill an established TCP/UDP session
w/o rebooting the box? All netstat does is show you the current activity.


Thanks!

-Mike

Follow-Ups:
- RE: [cobalt-security] IDS and established TCP/UDP sessions
  - From: Peter Baldwin
- Re: [cobalt-security] IDS and established TCP/UDP sessions
  - From: Michael Stauber
- [cobalt-security] RAQ3 vulnerabilities
  - From: Martín Fiumara

Prev by Date: [cobalt-security] root kitted :(
Next by Date: [cobalt-security] who should own the /home/sites/home/users and /home/sites/home/web ?
Previous by thread: Re: [cobalt-security] root kitted :(
Next by thread: RE: [cobalt-security] IDS and established TCP/UDP sessions

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index