System Problem Symptoms
- System crashes.
- New user accounts, or high activity on a previously low-usage account.
- New files (usually with novel or strange file names, such as data.xx or k or .xx).
- Accounting discrepancies (in a UNIX system you might notice the shrinking of an accounting file called /usr/admin/lastlog, something that should make you very suspicious that there may be an intruder).
- Changes in file lengths or dates (a user should be suspicious if .EXE files in an MS DOS computer have inexplicably grown by over 1800 bytes).
- Attempts to write to system (a system manager notices that a privileged user in a VMS system is attempting to alter RIGHTSLIST.DAT).
- Data modification or deletion (files start to disappear).
- Denial of service (a system manager and all other users become locked out of a UNIX system, now in single user mode).
- Unexplained, poor system performance.
- Anomalies (frequent unexplained "beeps").
- Suspicious probes (there are numerous unsuccessful login attempts from another node).
- Inability of a user to log in due to modifications of his/her account.
- Short or incomplete or missing logs.
- Logs containing strange timestamps.
- Logs with incorrect permissions or ownership.
- Records of reboots or restarting of services.
- su entries or logins from strange places.
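
The log-related symptoms above (shrinking or missing logs, strange timestamps, incorrect permissions or ownership) can be checked mechanically. The following is an added example, not part of the original slide; the function names, the syslog-style timestamp prefix, and the baseline size, owner and mode values are assumptions an administrator would take from a known-good record.

```python
import os, stat, tempfile
from datetime import datetime

def audit_log(path, baseline_size, expected_uid, max_mode=0o640, year=2001):
    """Return symptoms found in one syslog-style log; parameters are assumed baselines."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing log"]
    findings = []
    if st.st_size < baseline_size:            # append-only logs should not shrink
        findings.append("log shrank since baseline")
    if stat.S_IMODE(st.st_mode) & ~max_mode:  # any bit outside the allowed mask
        findings.append("permissions looser than expected")
    if st.st_uid != expected_uid:
        findings.append("unexpected owner")
    prev = None
    with open(path, errors="replace") as fh:
        for n, line in enumerate(fh, 1):
            try:  # classic syslog prefix "Jan 18 03:14:07"; it carries no year
                ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            except ValueError:
                findings.append(f"line {n}: unparseable timestamp")
                continue
            if prev and ts < prev:            # entries must be in time order
                findings.append(f"line {n}: timestamp goes backwards")
            prev = ts
    return findings

# Constructed sample: line 3 predates line 2, line 4 has no timestamp.
SAMPLE = (
    "Jan 18 03:14:07 host login: FAILED LOGIN from node7\n"
    "Jan 18 03:15:42 host su: alice to root on ttyp1\n"
    "Jan 18 02:59:10 host syslogd: restart\n"
    "garbage with no timestamp\n"
)

def demo():
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as fh:
        fh.write(SAMPLE)
    os.chmod(fh.name, 0o666)                  # world-writable on purpose
    try:  # baseline one byte larger than the file simulates truncation
        return audit_log(fh.name, len(SAMPLE) + 1, os.geteuid())
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Because the syslog prefix has no year, a log that spans a year boundary needs the year supplied per segment, otherwise the rollover is reported as a backwards timestamp.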
Sridhar Iyer
2001-01-08