[plug] [Fwd: Re: David Conran's talk]

Millers millers at mmtnetworks.com.au
Sun Jun 11 05:28:18 WST 2000


Question I have is how does one detect if the network has been compromised?  I
check logs on a daily basis, but exactly what am I supposed to be looking
for?  Currently, I have seen certain spam attacks (e.g. undeliverable e-mail
from and to sites I know no one on the local LAN uses), this I've seen with
relaying off.  All the Linux boxes I support have a virusscan application
that has control of the relays, so I've turned them off and only allow
certain networks through.  But other than that I have no way of telling what
else has attacked the sites. Any tools out there that can detect attacks of
different nature?

JLM

> -----Original Message-----
> From: Raven [mailto:ian.kent at pobox.com]
> Sent: Sunday, 11 June 2000 3:38
> To: plug at plug.linux.org.au
> Subject: [plug] [Fwd: Re: David Conran's talk]
>
>
>
> Hi all,
>
> Can everybody review this and send any comments to Daniel as he has
> asked.
>
> -------- Original Message --------
> Subject: Re: David Conran's talk
> Date: Fri, 09 Jun 2000 01:35:50 +0800
> From: Daniel Baldoni <dbaldoni at iinet.net.au>
> Organization: LcdS Pty. Ltd.
> To: Ian Kent <ian.kent at pobox.com>
> References: <39379AB5.CFAB7A66 at iinet.net.au>
> <393A1186.8884F3F1 at pobox.com>
>
> G'day again,
>
> >> I don't know if you're the right person to contact on this, but here goes.
> >>
> >> You may have heard about the seminar given by David Conran to a group
> >> meeting of PLUG and the WA chapters of AUUG and SAGE-AU (about 2 weeks
> >> ago).  I have written up a brief report on his talk and I'm going to submit
> >> it to the AUUGN journal and the SAGE Advice newsletter.  But, I thought the
> >> PLUG members might like to have a read.
> >
> > Yes and Yes!
>
> Okay, the attachment is a straight (7 bit) text version of the file I'm about
> to submit to AUUGN and SAGE Advice.  Feel free to publish it on PLUG's mailing
> list but note that PLUG must not claim copyright (as the document will also be
> appearing in two journals and on-line).  This same stipulation will be made to
> the editors of the journals.  FYI, the HTML version will (eventually) be at
> "http://www.lcds.com.au/waug/2000may.shtml" (after some slight site
> re-organisation).
>
> >> I can make available a text copy if you wish (for distribution on PLUG's
> >> mailing lists)...there will also be a HTML version on my company's web-site
> >> shortly.
> >
> > I will forward it to the mailing list and direct comments to you.
> >
> > Thanks for thinking of us.
>
> Not a problem - this type of information sharing can only benefit everybody
> and I'm glad to help.
>
> Ciao.
>
> --
> -------------------------------------------------------+---------------------
> Daniel Baldoni BAppSc, PGradDipCompSci                 |  Technical Director
> require 'std/disclaimer.pl'                            |  LcdS Pty. Ltd.
> -------------------------------------------------------+  856B Canning Hwy
> Phone/FAX:  +61-8-9364-8171                            |  Applecross
> Mobile:     041-888-9794                               |  WA 6153
> URL:        http://www.lcds.com.au/                    |  Australia
> -------------------------------------------------------+---------------------
> "Any time there's something so ridiculous that no rational systems programmer
>  would even consider trying it, they send for me."; paraphrased from "King Of
>  The Murgos" by David Eddings.  (I'm not good, just crazy)



