Re: checking security logs

To: debian-security@lists.debian.org
Subject: Re: checking security logs
From: Gord Mc.Pherson <gordzilla@linuxfan.com>
Date: Tue, 23 Jan 2001 11:45:28 -0500
Message-id: <[🔎] 20010123114528.0be27e6a.gordzilla@linuxfan.com>
In-reply-to: <[🔎] 87k87me0vt.fsf@winter.inter-i.uni-mainz.de>
References: <l03130301b692e85f727f@[172.16.1.4]> <[🔎] 20010123090130.B9385@davidduffey.com> <[🔎] 87k87me0vt.fsf@winter.inter-i.uni-mainz.de>

Hi,

  Perhaps 'iptraf' or 'netwatch' (both available on freshmeat) and 'netstat' could be used to identify what/who is generating the traffic on your system. I'd also concur with a previous comment about 'portsentry', since it's possible to spoof an address and have portsentry block it.. it there for becomes an effective tool for a hacker to use as a DoS. For example, I could find out what your ISP's DNS servers are, spoof those addresses and have your portsentry block them. This would cut you off from the net until you manually corrected it.

-- Gord

Reply to:

Follow-Ups:
- Re: checking security logs
  - From: David Duffey <email@davidduffey.com>
- Re: checking security logs
  - From: Jordan Bettis <jordanb@hafd.org>

References:
- checking security logs
  - From: John Reinke <jmreinke@ukans.edu>
- Re: checking security logs
  - From: David Duffey <email@davidduffey.com>
- Re: checking security logs
  - From: Rainer Weikusat <weikusat@mail.uni-mainz.de>

Prev by Date: Re: checking security logs
Next by Date: Re: checking security logs
Previous by thread: Re: chroot (was: checking security logs)
Next by thread: Re: checking security logs
Index(es):
- Date
- Thread