>> Does anyone have a list of common firewall log entries that show
>> that a firewall is being attacked, and what kind of attack the log
>> entries represent?
>> If so, I would be grateful if you could e-mail a copy to me at
>> adamsb @ un . org .
>> Posting the log entries on the list might not be appropriate, as
>> the alt.2600/#Hack FAQ recommends that crackers subscribe to this
>> list
>
> I can't argue appropriateness, I happen to agree that posting of
> such logs would not be too cool. However, we always need to
> remember that security by ignorance isn't. Never assume that
> limiting posts of in-depth technical analysis will limit the number
> of crackers or the ability of those that exist. I think that the
> information in the logs could be used to compile recommendations
> for implementors of firewalls without publishing lengthy logs with
> blow by blow attacks.
>
> Dion Stempfley

I've been on the list for a while, and this is my first posting.
First off, I'd like to apologise for full-quoting both of the
messages, but I thought that it would help to express my point.

I think that "publishing" the blow-by-blow logs would indeed be
useful to the home team, as it gives concrete examples of what should
be cause for alarm, and what is mere happenstance. I do not think
that those logs should be published verbatim, however. Judicious
name-changing should be considered mandatory.

I, for one, would very much like to see what the logs of an attack
look like, so that I can better serve the interests of the company
for which I work.

Cheers,
-Thomas

badent @ san . fhi . com    1973 Friendship Drive
Thomas Baden                El Cajon, CA 92020 USA
Network Administrator       +1 619 258 6539
Forte Hotels, Inc.          +1 619 258 6409 fax