[H-GEN] Debian v Mandrake

Bradley Marshall zzbramar at uqconnect.net
Thu Mar 21 00:06:50 EST 2002


[ Humbug *General* list - semi-serious discussions about Humbug and  ]
[ Unix-related topics.  Please observe the list's charter.           ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]

On Thu, 21 Mar 2002, Anthony Towns wrote:
> Yeah, but _attacks_ that are specific to an OS aren't, and attacks are
> what you can log, and what Greg was claiming to be logging. Which seems
> pretty fair. (Although identifying the OS that's being targetted is
> probably a fair chunk harder than identifying the app. I for one'd be
> interested to see how you might do that, or just what logging/analysis
> people do in general...)

I'd imagine it would be quite hard to do - how can you
identify from looking at a port connection attempt if the
exploit was for Linux, FreeBSD or whatever?  I suppose you
could have a program listening on the port that monitored
what it was doing, but it seems a bit unlikely that most
people would be doing so.

Thanks,
Brad
         +=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
         | Bradley Marshall    | http://www.uq.net.au/~zzbramar |
         | System/Network Admin|      brad at humbug.org.au        |
         | Plugged In Software |    bmarshal at pisoftware.com     |
	 +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+
 ``I'm not ashamed.  Its the computer age.  Nerds are in.'' - Willow (BtVS)



--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.



More information about the General mailing list