On Sun, Aug 14, 2011 at 4:33 AM, Alejandro Imass <a...@p2ee.org> wrote: > There you go! How do you actually know if you've had actual breaches > if you don't follow up on the logs and spend actual __hours__ doing > that? How do you know your servers are not root-kitted? I had an > experience with a Linux server once and it was root-kitted for a long > time before we ever noticed. It was only after following up an attack > that was reported to us by another party from our server that we > actually realized that server was compromised.
Rethink how you're doing your monitoring. Scanning incoming packets for attacks is tedious because you capture lots of unsuccessful attacks that you can't really do anything about. You'd be better off watching outgoing packets for unusual activity or responses that indicate a successful attack. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"