SNARE and Ptrace?

Robert L. Harris (Robert.L.Harris@rdlg.net)
Mon, 24 Mar 2003 17:20:27 -0500


Has anyone tested to see if "Snare" from intersectalliance.com can
detect someone executing a ptrace attack? An old company I used to work
for has a number of production kernels out and can't just upgrade them
all overnight so they need a good detection method and short-term fix
if possible. In the past we had evaluated Snare which I pointed him to
but we're not sure if/how it might detect such an attack.

Thoughts/Theories?
Robert

:wq!
---------------------------------------------------------------------------
Robert L. Harris | PGP Key ID: E344DA3B
@ x-hkp://pgp.mit.edu
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.

Diagnosis: witzelsucht

IPv6 = robert@ipv6.rdlg.net http://ipv6.rdlg.net
IPv4 = robert@mail.rdlg.net http://www.rdlg.net
