analysis after hack - marks and tracks you can see..

From: D.K. (dunkeeper@gmail.com)
Date: Sun Jun 24 2007 - 19:11:59 EDT


Hi all,
I want to open a discussion about [old||new||newest] methods of
detecting "the presence of an intruder in a Linux system".
In general I'm interested in the subject of analysis after a hack,
especially what kind of marks/tracks an intruder leaves behind.
Where should an administrator look, and what should he be looking for?
What are the typical and non-typical signals which can say that somebody
who shouldn't be is/was in the system?
If anybody can describe methods for me and give real examples of the use
of a method of discovering an intruder, examples of an intruder's
activity, and examples of marks and tracks which were or can be left in
a system, I would be grateful.
Thank you for all responses.



