[unisog] anyone heard of this?
jtk at depaul.edu
Mon Jan 28 19:57:30 GMT 2002
In addition to what others have said...

If you're so inclined, you might place some type of passive packet
capture device in-line or on a 'mirrored' port if it's attached to a
switch. If the box has been compromised, it may be nice to know where
the intrusion is coming from so you can keep an eye out for the source
talking to your other systems. Or to get the source organization(s) to
cooperate in the mitigation/investigation.

While weak, you can also do some border/edge IP/protocol filtering to
limit the accessibility to/from the network and host(s).