Unsure of log report entry

Dustin Decker dustin.decker at 1on1security.com
Tue Oct 12 11:27:15 CDT 2004


> -----Original Message-----
> From: kclug-bounces at kclug.org [mailto:kclug-bounces at kclug.org] On Behalf
> Of Brian Densmore
> Sent: Tuesday, October 12, 2004 11:02 AM
> To: kclug at kclug.org
> Subject: RE: Unsure of log report entry
> 
> Like I was saying it's hard to say if he's been hacked,
> from this one message. Obviously he has been hit with
> scan, either automated or manually, to determine if
> there is a weakness in his system or not. I suspect a deeper
> look in the log files might dig up more information. It
> could just have been a harmless scan that someone dig to see
> what happens when you scan someone. Or it could be more sinister.

Which is why I asked the question that I did.  This is the fun part of
administration, where we gat to play strategist.  (Not entirely unlike what
lots of three-letter agencies do, and the results are similar if you ask
me.)

What's the most important thing you can do with the limited information at
hand?  Place it into context.  Obviously, I can speculate all I like, but in
the absence of more information cannot provide any more information than I
have.  Alas, this is what was asked for.

D.




More information about the Kclug mailing list