If your server has been compromised to the point that people use it to attack others by proxy, then any kind of warnings you will send to yourself could have already been neutralised if the attackers have half a brain or aren't from the ranks of the script kiddies.
It depends where the hell your box is in the network architecture. An IDS could notify you if the box was acting up, if there are rules for weird/anomalous activities.
Since I mostly deal with Unix stuff, I can tell you that when someone runs a rootkit on your ass, you ARE grass, and pretty much nothing from the compromised machine can be trusted (among other things, because most rootkits replace system utilities with compromised versions that will lie to you and make it all appear that everything is normal, and fine, and dandy, thank you very much ^_^).
That's my take on it.
_____________________________
when someone asks for your username and password, and much *clickely clickely* is happening in the background, know enough that you should be worried.
Agreed that once a machine is compromised, it's usually better to clean install to make sure it's clean.
A good software firewall will usually keep pretty good tabs on outbound activity.