[unisog] anyone heard of this?

John Kristoff jtk at depaul.edu
Mon Jan 28 19:57:30 GMT 2002


In addition to what others have said...

If you're so inclined, you might place some type of passive packet
capture device in-line or on a 'mirrored' port if it's attached to a
switch.  If the box has been compromised, it may be nice to know where
the intrusion is coming from so you can keep an eye out for the source
talking to your other systems.  Or to get the source organization(s) to
cooperate in the mitigation/investigation.

While weak, you can also do some border/edge IP/protocol filtering to
limit the accessibility to/from the network and host(s).

John
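
An added example, not part of the original message: one way to use a passive capture as suggested above, listing the outside addresses seen talking to the suspect host and which other internal systems those same addresses also reached. The function names, the classic little-endian pcap/Ethernet assumption, and the documentation-range addresses in the sample are assumptions made for the illustration.

```python
import ipaddress
import struct
from collections import defaultdict

def build_pcap(flows):
    """Build a constructed classic-pcap byte string (Ethernet/IPv4) for the demo."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip  # zeroed MACs, EtherType IPv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def ip_pairs(pcap):
    """Yield (src, dst) for each IPv4-over-Ethernet packet in the capture."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            yield (str(ipaddress.ip_address(frame[26:30])),
                   str(ipaddress.ip_address(frame[30:34])))

def peers_touching_others(pcap, suspect, internal_net):
    """Map each outside peer of `suspect` to the other internal hosts it reached."""
    net = ipaddress.ip_network(internal_net)
    inside = lambda a: ipaddress.ip_address(a) in net
    pairs = list(ip_pairs(pcap))
    peers = {b if a == suspect else a for a, b in pairs
             if suspect in (a, b) and not (inside(a) and inside(b))}
    hits = defaultdict(set)
    for a, b in pairs:
        for ext, local in ((a, b), (b, a)):
            if ext in peers and inside(local) and local != suspect:
                hits[ext].add(local)
    return {p: sorted(hits[p]) for p in sorted(peers)}

# Constructed sample capture: 192.0.2.10 is the suspect host (hypothetical).
SAMPLE = build_pcap([
    ("198.51.100.7", "192.0.2.10"), ("192.0.2.10", "198.51.100.7"),
    ("198.51.100.7", "192.0.2.20"), ("203.0.113.9", "192.0.2.30"),
    ("192.0.2.10", "192.0.2.20"), ("192.0.2.10", "203.0.113.50"),
])
```

Peers that map to an empty list were only seen with the suspect host; any non-empty list names the other internal systems worth checking next.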


