Re: [SLUG] Hacker ID Software

From: Bleeber (bleeber@gmail.com)
Date: Fri Apr 22 2005 - 16:53:17 EDT


I like Logwatch. I have been using it for some time now. It pretty
much identifies any brute force attacks at a service running and then
I can add that IP to the list of known bad ones.

Sample output:

 --------------------- proftpd-messages Begin ------------------------

**Unmatched Entries**
server.westhoo.com (207.224.46.200[207.224.46.200]) - no such user 'anonymous'
server.westhoo.com (207.224.46.200[207.224.46.200]) - no such user 'anonymous'
server.westhoo.com (83.198.243.73[83.198.243.73]) - no such user 'anonymous'
server.westhoo.com (83.198.243.73[83.198.243.73]) - no such user 'anonymous'
server.westhoo.com (83.198.243.73[83.198.243.73]) - no such user 'anonymous'
server.westhoo.com (83.198.243.73[83.198.243.73]) - no such user 'anonymous'
server.westhoo.com (83.198.243.73[83.198.243.73]) - no such user 'anonymous'

---------------------- proftpd-messages End -------------------------

--------------------- SSHD Begin ------------------------

Refused incoming connections:
     62.75.161.15 (62.75.161.15): 10 Time(s)
     69.3.9.250 (69.3.9.250): 4 Time(s)

---------------------- SSHD End -------------------------

###################### LogWatch End #########################

On 4/22/05, John Pugh <jpugh@novell.com> wrote:
> >>> cmarcak@tampabay.rr.com 04/21/05 12:34 pm >>>
> > I am looking for a program to start at boot up and report any hacking
> > attempt and their IP address. A GUI front end would be nice but not
> > necessary. I am running RH9.
>
> This begs the question as to what you define as a hacking attempt? Is it an attempt to exploit a known bug that exists in RH9? or could it be an ICMP request? or ???
>
> For intrusion detection, I personally would use a good firewall and a combination of several (not one) of the subsequent suggestions posted. For my laptop, I use the SUSEFirewall with modifications for my general usage as well as a combination of logging management tools to parse out all of the Windows requests that I get regularly. It's very interesting to see who is wide open to anything on my local subnet (and fun too I might add).
>
> <-SALES PLUG->
> http://www.novell.com/products/securitymanager
>
> JP
>
> -----------------------------------------------------------------------
> This list is provided as an unmoderated internet service by Networked
> Knowledge Systems (NKS). Views and opinions expressed in messages
> posted are those of the author and do not necessarily reflect the
> official policy or position of NKS or any of its employees.
>

-- 
The Bleeber
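
An added example, not part of the original message and not Logwatch's own code: a Python parser for a report laid out like the excerpt above, which totals proftpd "no such user" lines and SSHD "Refused incoming connections" counts per source address and lists the addresses that cross a threshold. The names `tally`, `candidates`, `threshold` and `allowlist` are assumptions, and the sample report is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample (RFC 5737 addresses), laid out like the excerpt quoted above.
SAMPLE_REPORT = """\
 --------------------- proftpd-messages Begin ------------------------
**Unmatched Entries**
ftp.example.test (192.0.2.10[192.0.2.10]) - no such user 'anonymous'
ftp.example.test (198.51.100.7[198.51.100.7]) - no such user 'anonymous'
ftp.example.test (198.51.100.7[198.51.100.7]) - no such user 'anonymous'
ftp.example.test (bad.example[999.1.1.1]) - no such user 'anonymous'
---------------------- proftpd-messages End -------------------------
--------------------- SSHD Begin ------------------------
Refused incoming connections:
     203.0.113.15 (203.0.113.15): 10 Time(s)
     198.51.100.7 (198.51.100.7): 4 Time(s)
---------------------- SSHD End -------------------------
"""

EDGE = re.compile(r"^\s*-+ (.+?) (Begin|End) -+\s*$")  # section delimiter lines
FTP_NO_USER = re.compile(r"\(\S+\[([0-9.]+)\]\) - no such user")
SSH_REFUSED = re.compile(r"^\s+([0-9.]+) \([^)]*\): (\d+) Time\(s\)")

def _add(counts, ip, n):
    try:
        ipaddress.ip_address(ip)  # log text is attacker-influenced: validate first
    except ValueError:
        return
    counts[ip] += n

def tally(report):
    """Sum FTP unknown-user and refused-SSH events per source IP."""
    counts, section, refused = Counter(), None, False
    for line in report.splitlines():
        if m := EDGE.match(line):
            section, refused = (m.group(1) if m.group(2) == "Begin" else None), False
        elif line.endswith(":") and not line[0].isspace():
            refused = line.startswith("Refused incoming")  # unindented sub-heading
        elif section == "proftpd-messages" and (m := FTP_NO_USER.search(line)):
            _add(counts, m.group(1), 1)
        elif section == "SSHD" and refused and (m := SSH_REFUSED.match(line)):
            _add(counts, m.group(1), int(m.group(2)))
    return counts

def candidates(report, threshold=5, allowlist=()):
    """IPs at or above threshold across all services, minus the allowlist."""
    return sorted(ip for ip, n in tally(report).items()
                  if n >= threshold and ip not in allowlist)
```

Summing across sections surfaces a source that stays under the threshold on each service but not in total, and the allowlist keeps your own management addresses out of the block list.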




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:56:44 EDT