Hi Jeff Newmiller wrote the following at 08:37 30.06.2002: >On Sat, 29 Jun 2002, Richard Amerman wrote: > > > All logging should idealy be done off site using a syslog deamon. > >Agreed. > > > The most important thing is not to have a breach and second to fix > > weaknesses. In this situation flushing the memory IS the best > > solution to insure this, though it is not the only one, and would > > rarely be that practicle or worth the hastle. > >Absolutely disagree. Rebooting is a waste of time. If there is a way in, >rebooting does nothing to prevent repetition. If there is not, rebooting >serves no purpose. If you are faced with a break-in in-progress, you need >to disable external network access until the problem is rectified... not >reboot.
Agreed, but now we have to see how we can stop such a skillful attacker. How can we protect the RAM disks from someone determined enough to upload and execut code bytewise. Anyone can fingerprint the IP stack and scan our system for loopholes. Some firewall products detect this and drop the IP of the attacker immediately until reboot. Do we have such a feature? regards Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html