Linux Journal: Responding to a Security Incident | Linux Today

Written By Web Webster
Mar 15, 2001

“By now, nearly everyone who has been using Linux for some time
and had their system connected to the Internet has seen attempts to
compromise their security. The question that often comes up is what
to do about it. Unless it’s a financial or safety issue, it’s
probably going to get laughed at by the legal authorities, but it’s
worth reporting.”

“I spend a good chunk of my time on mailing lists and
organizations concerned with monitoring hacker activity. Such lists
are the INCIDENTS list from SecurityFocus.com and the SANS GIAC
effort, providing a daily update of hacker activities from various
parties around the world. Often, the question of the value of
reporting an incident is debated. I routinely counsel people to
report most incidents they see. What this does for the ISP is help
them gather information about a set of independently correlated
data about a nefarious customer or a compromised machine on their
network. Just don’t expect much to be done about it. Most ISPs
don’t react and aren’t very neighborly. Some of us in the business
routinely block entire networks from connecting to our networks
based on their patterns of allowing unseemly activity to
continue.”

“We’ll not go into detecting incidents, but we will define them
as port probes, port scans, denial of service (DoS) attempts and
unauthorized access attempts. Each of these warrants investigation,
some more than others. Combining intrusion detection software with
log analysis (which you should be doing anyhow), these events
should stand out.”
