On Wed, Nov 20, 2002 at 10:54:24AM +0100, Guy.Bormann wrote:
> (*) One that comes out in the open, that is. A really smart hacker would
> leave services intact after the initial break-in. Since named crashes once
> in a while anyway, nothing but an excellent NIDS can distinguish an attack
> from a "genuine" crash. It is tempting to believe that there are already a
> bunch of servers compromised and silently serve as cloaks for other attacks.

Huh? I haven't had BIND crash on me in a very very very long time.

--
Ben Reser <[EMAIL PROTECTED]>
http://ben.reser.org

"If you're not making any mistakes, you're flat out not trying hard enough."
- Jim Nichols