Has anyone tested to see if "Snare" from intersectalliance.com can
detect someone executing a ptrace attack? An old company I used to work
for has a number of production kernels out and can't just upgrade them
all over night so they need a good detection method and short-term fix
if possible. In the past we had evaluated Snare which I pointed him to
but we're not sure if/how it might detect such an attack.
Thoughts/Theories?
Robert
:wq!
---------------------------------------------------------------------------
Robert L. Harris | PGP Key ID: E344DA3B
@ x-hkp://pgp.mit.edu
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
Diagnosis: witzelsucht
IPv6 = robert@ipv6.rdlg.net http://ipv6.rdlg.net
IPv4 = robert@mail.rdlg.net http://www.rdlg.net
This archive was generated by hypermail 2b29 : Mon Mar 31 2003 - 22:00:17 EST