System intrusion and detection

System intrusion and detection

by skommar21

Hi All,

How can one detect/check whether his system has been intruded?

Can anybody please explain the tasks/activities required to check whether his system has been compromised?

Is there any good open source software which is good at detecting spyware, malware and other forms which are a threat to data?



Thanks
sridhar


Re: System intrusion and detection

by Saifi Khan-3

On Sat, 4 Jul 2009, skommar21 wrote:

> Hi All,
>
> How can one  detect/ Check whether his system has been
> intruded?
>
>
> can any body please explain the task / activities required to
> check whether his system has been compromised.
>
>
> Are there  any good open source software which are good
> detecting sypware, Mal ware and other forms which are threat
> to  data .
>
> Thanks sridhar
>

Yes, one can!

You need to run an intrusion detection system like Bro, Prelude
or Snort, depending on the deployment architecture.

The first task or activity you need to do, to do an investigation
or forensics on the system, is to take it offline and shut it
down. The next step would be to mount the disk of the system
externally and start the investigation:
 . review of logs
 . service confs
 etc.

What exactly is the situation you are facing?


thanks
Saifi.

Re: System intrusion and detection

by Navneet Thillaisthanam

You can also try a HIDS (Host-based IDS) like OSSEC. It differs from Snort
(a NIDS) by analysing logs instead of network traffic. So you see
they look at different things for detection. OSSEC is a client-server model
that is available for Linux and Windows. The last time I worked with it,
there was only a client version for Windows. So to monitor a Windows system
you need an OSSEC server installed somewhere else.

Navneet

> On Sat, 4 Jul 2009, skommar21 wrote:
>
> > Hi All,
> >
> > How can one detect/ Check whether his system has been
> > intruded?
> >
> >
> > can any body please explain the task / activities required to
> > check whether his system has been compromised.
> >
> >
> > Are there any good open source software which are good
> > detecting sypware, Mal ware and other forms which are threat
> > to data .
> >
> > Thanks sridhar
> >

Re: System intrusion and detection

by skommar21

Hi Saifi,

My problem is that spam is being generated from my email system, from the pool of
addresses allocated.

Even though we do not use all the IP addresses from the pool of addresses,
it is specifically generating spam from one of my systems, and the ISP complained
that he is receiving a lot of complaints regarding this; as a result he has
blocked the SMTP port, as a result of which I am missing out on client emails.


Any help will be greatly appreciated.

Thanks
Sridhar Reddy


On Sun, Jul 5, 2009 at 12:41 PM, Saifi Khan <saifi.khan@...> wrote:

>
>
> On Sat, 4 Jul 2009, skommar21 wrote:
>
> > Hi All,
> >
> > How can one detect/ Check whether his system has been
> > intruded?
> >
> >
> > can any body please explain the task / activities required to
> > check whether his system has been compromised.
> >
> >
> > Are there any good open source software which are good
> > detecting sypware, Mal ware and other forms which are threat
> > to data .
> >
> > Thanks sridhar
> >
>
> Yes, one can !
>
> You need to run a Intrusion detection system like - Bro, Prelude
> or Snort, depending on the deployment architecture.
>
> The first task or activity you need to do, to do investigation
> or forensics on the system is to take it offline and shut it
> down. Next step would be to mount the disk of the system
> externally and start the investigations
> . review of logs
> . service confs
> etc.
>
> What exactly is the situation you are facing ?
>
> thanks
> Saifi.
>  
>


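Saifi's first step is a review of the logs, and Sridhar's symptom is bulk mail leaving from one host of the address pool. The following triage script is an added example, not code from any poster: it joins Postfix-style smtpd/qmgr log lines (constructed sample data) by queue id, then reports which client IPs were relayed without SMTP AUTH, separating open-relay evidence (external clients) from a compromised host on the organisation's own pool (the 192.0.2.0/24 range and thresholds are assumptions).

```python
import ipaddress
import re
from collections import defaultdict

# Constructed Postfix-style syslog lines (not from the thread): an unauthenticated host on
# the 192.0.2.0/24 pool sending bulk mail, an AUTH'd user, and an external client relayed.
SAMPLE_LOG = """\
Jul  5 10:02:11 mx1 postfix/smtpd[2231]: 8A1B2C3D4E: client=unknown[192.0.2.77]
Jul  5 10:02:12 mx1 postfix/qmgr[1002]: 8A1B2C3D4E: from=<promo@example.net>, size=2310, nrcpt=120 (queue active)
Jul  5 10:03:01 mx1 postfix/smtpd[2232]: 9B2C3D4E5F: client=ws12.corp.example[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Jul  5 10:03:02 mx1 postfix/qmgr[1002]: 9B2C3D4E5F: from=<alice@example.com>, size=1800, nrcpt=1 (queue active)
Jul  5 10:04:15 mx1 postfix/smtpd[2233]: 1C2D3E4F5A: client=unknown[203.0.113.45]
Jul  5 10:04:16 mx1 postfix/qmgr[1002]: 1C2D3E4F5A: from=<win@example.org>, size=3100, nrcpt=30 (queue active)
"""

# smtpd logs the client (and SASL AUTH if used); qmgr logs the accepted message and its
# recipient count. The queue id joins the two lines.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=\S+?\[(?P<ip>[^\]]+)\](?P<rest>.*)")
NRCPT_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<[^>]*>, size=\d+, nrcpt=(?P<n>\d+)")


def summarise(log_text):
    """Per client IP: accepted messages, total recipients, whether SASL AUTH was ever used."""
    qid_to_ip, stats = {}, defaultdict(lambda: {"messages": 0, "recipients": 0, "authenticated": False})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            qid_to_ip[m.group("qid")] = m.group("ip")
            if "sasl_username=" in m.group("rest"):
                stats[m.group("ip")]["authenticated"] = True
            continue
        m = NRCPT_RE.search(line)
        if m and m.group("qid") in qid_to_ip:
            s = stats[qid_to_ip[m.group("qid")]]
            s["messages"] += 1
            s["recipients"] += int(m.group("n"))
    return dict(stats)


def find_suspects(stats, trusted_net, rcpt_threshold=50):
    """Flag unauthenticated senders: external ones relayed (open relay) or pool hosts sending bulk."""
    net = ipaddress.ip_network(trusted_net)
    suspects = []
    for ip, s in sorted(stats.items()):
        if s["authenticated"] or s["messages"] == 0:
            continue
        if ipaddress.ip_address(ip) not in net:
            suspects.append((ip, "unauthenticated external client was relayed: open relay"))
        elif s["recipients"] >= rcpt_threshold:
            suspects.append((ip, f"unauthenticated pool host sent to {s['recipients']} recipients"))
    return suspects
```

Run it over the real mail log with the organisation's own pool as `trusted_net`; a flagged pool host is the machine to take offline and image, as Saifi describes.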
Re: System intrusion and detection

by Saifi Khan-3

On Mon, 6 Jul 2009, sridhar Reddy wrote:

> Hi Saifi,
>
> My problem is spam is generated from my email system from the pool of
> address allocated.
>
> Even though we do not use all the IP addresses  form the pool of addresses
> it specifically generating  spam form one of my system and ISP complained
> that he is receiving lot of complaints regarding this as a result he has
> blocked SMTP port as result of which i am missing out any cleint emails.
>
>
> Any help will be greatly apprecieated.
>
> Thanks
> Sridhar Reddy
>

Hi Sridhar:

SMTP relay is what makes email systems tick, and so all SMTP
servers need to accept SMTP requests.

However, what you can do is configure your SMTP server to use
'SMTP AUTH with STARTTLS'.

Hope this helps.


thanks
Saifi.
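Saifi's suggestion worked out as an added example for Postfix (the thread never names the MTA, so that is an assumption; the network ranges and certificate paths are constructed placeholders). The commented-out shape at the top trusts the whole public pool, which is exactly what lets one compromised host on the pool relay spam through the server; the corrected settings below it relay only for authenticated users and advertise AUTH only inside STARTTLS.

```conf
# main.cf (Postfix). Weak shape: the whole public pool is trusted, so any host
# on it can relay without credentials (constructed example, shown disabled):
#
#   mynetworks = 127.0.0.0/8, 198.51.100.0/24
#   smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
#
# Corrected: trust only loopback, require SASL AUTH for relaying, and offer
# AUTH only after STARTTLS so passwords never cross the wire in the clear.
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
# placeholder paths: point these at the server's real certificate and key
smtpd_tls_cert_file = /etc/postfix/certs/mail.example.com.crt
smtpd_tls_key_file = /etc/postfix/certs/mail.example.com.key
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# master.cf: a dedicated submission port for mail clients, TLS and AUTH mandatory
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

Check the effective values with `postconf -n` and apply with `postfix reload`; the SASL backend (Cyrus or Dovecot) still has to be configured separately, which this fragment does not show.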