[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Layering an IDS on Linux - prepwork

From: Alan Cox <alan redhat com>
To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
Subject: Re: Layering an IDS on Linux - prepwork
Date: Sun, 5 Aug 2007 16:06:50 -0400

On Sun, Aug 05, 2007 at 04:31:48PM +0200, Miloslav Trmac wrote:
> Repeated SIGABRT terminations might indicate an ongoing DoS attack, but
> isolated SIGABRT terminations need to be ignored, IMHO.

They probably want logging. You only need one attack. But you want to
log an abort/core dump of any system service/process anyway - because it
shouldn't be aborting and the dumb will be good gdb food

Alan

Follow-Ups:
- Re: Layering an IDS on Linux - prepwork
  - From: Arjan van de Ven

References:
- Layering an IDS on Linux - prepwork
  - From: Steve G
- Re: Layering an IDS on Linux - prepwork
  - From: Miloslav Trmac

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]