Layering an IDS on Linux - prepwork

Alan Cox alan at redhat.com
Sun Aug 5 20:06:50 UTC 2007


On Sun, Aug 05, 2007 at 04:31:48PM +0200, Miloslav Trmac wrote:
> Repeated SIGABRT terminations might indicate an ongoing DoS attack, but
> isolated SIGABRT terminations need to be ignored, IMHO.

They probably want logging. You only need one attack. But you want to
log an abort/core dump of any system service/process anyway - because it
shouldn't be aborting and the dump will be good gdb food.

Alan



