Hacker News
by cyphar 2416 days ago
I should've said "limited in usefulness for detecting moderately-clever attackers" rather than just flat-out "useless". Monitoring is obviously a useful tool regardless of whether it will always help you detect attackers in your network. You could use nf_conntrack on the host as well but that could also be bypassed by a root process on the host.