On Wed, 12 Apr 2006, Jason Etchason wrote:

> Once I get home from work today, I want to be able to bring my system back
> up, but not before I am certain I have closed off all vulnerabilities. Then
> I'd also like to setup some form of IDS, but I do not know if that is above
> my skill level. Of course, I gotta learn some time, so I might as well now?

You may want to reinstall the operating system from scratch. Tracking down vulnerable files can be difficult, especially if you don't have a specification covering all the attributes and metadata about the files on your system. Also in many cases, there may be kernel modules or compromised tools that make it difficult to analyze and recover.

You may want to use a LiveCD or rescue disk to help analyze your system.

As for an IDS, you have many options to think about: real-time scanning of network activity, proactively blocking or just alerting, and after-the-fact detection (like log checkers and file integrity checking).

 Jeremy C. Reed

echo '9,J8HD,fDGG8B@?:536FC5=8@I;C5?@H5B0D@5GBIELD54DL>@8L?:5GDEJ8LDG1' |\
sed ss,s50EBsg | tr 0-M 'p.wBt SgiIlxmLhan:o,erDsduv/cyP'
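The "specification covering all the attributes and metadata" and the file integrity checking mentioned in the reply above, as an added example that is not part of the original message: a manifest of content hashes, permissions and ownership is recorded, then compared against a later snapshot. The function names, file names and sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

FIELDS = ("sha256", "mode", "uid", "gid", "size")

def snapshot(root):
    """Map each regular file under root (relative path) to its recorded attributes."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are skipped here
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = {
                "sha256": digest.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size,
            }
    return manifest

def compare(baseline, current):
    """Return (added, removed, changed); changed maps path -> differing fields."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        diff = [f for f in FIELDS if baseline[path][f] != current[path][f]]
        if diff:
            changed[path] = diff
    return added, removed, changed

def demo():
    """Constructed sample tree: take a baseline, then alter it four ways."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("ls", "ps", "motd"):
            (root / name).write_bytes(b"original")
            (root / name).chmod(0o755)
        baseline = snapshot(root)
        (root / "ls").write_bytes(b"replaced")   # same size, different content
        (root / "ps").chmod(0o4755)              # setuid bit added
        (root / "motd").unlink()                 # file removed
        (root / "extra.ko").write_bytes(b"x")    # file added
        return compare(baseline, snapshot(root))
```

A manifest is only useful if it was recorded while the system was known to be clean and is stored off the machine. The comparison should be run from the LiveCD or rescue disk, since tools on a compromised system may not report file contents truthfully.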