
Re: sshd attack?



In fact why not just be really cruel: install the dtk (deception
toolkit) - find it at all.net - and then watch the hackers think
that they've found a vulnerable box and try to exploit it whilst
you gather enough information about them to... [fill in as necessary].

Of course all the files that they manage to steal from your system
are faked, then they'll waste 2 days running a brute force cracker
and will then get upset when the usernames/passwords don't work...

Nice! ;-)

Matthew

On Wed, Aug 15, 2001 at 09:59:27AM +0200, J?rgen Persson wrote:
> On Wed, Aug 15, 2001 at 09:37:51AM +0200, Siegbert Baude wrote:
> > Hello,
> > 
> > I get about 100 log entries of the following pattern:
> > 
> > Aug 14 01:29:01 myserver sshd[27175]: Disconnecting: crc32 compensation
> > attack: network attack detected
> > 
> > 
> > What's this?
> 
> I do not know.
> 
> 
> > How can I find out, from where this attack is originating? Must I increase
> > the verbosity level of sshd to achieve this?
> 
> sshd might be able to do it. I'm logging the originating address through
> my internet services daemon. I happen to use tcpserver[1] but inetd[2]
> and xinetd[3] ought to be able to do it as well. A second alternative is
> to do it through a tcpwrapper like Venema's[4].
> 
> J?rgen
> [1] http://cr.yp.to/ucspi.tcp/tcpserver.html
> [2] ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/
> [3] http://www.xinetd.org/
> [4] ftp://ftp.porcupine.org/pub/security/
> 
> 

-- 

Matthew Sackman
Nottingham,
ENGLAND

Using Debian/GNU Linux
Enjoying computing

It said 'Required Windows XP or better.'
So I installed Linux.
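
One way to answer the quoted question about where these disconnects originate, as an added example that is not part of the original thread: pair each "crc32 compensation attack" line with the connection line logged under the same sshd PID. It assumes sshd runs with LogLevel VERBOSE so that it logs "Connection from <address> port <n>" for each connection; the sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the thread). The
# "Connection from" lines assume sshd is running with LogLevel VERBOSE.
SAMPLE_LOG = """\
Aug 14 01:28:59 myserver sshd[27175]: Connection from 192.0.2.10 port 4021
Aug 14 01:29:01 myserver sshd[27175]: Disconnecting: crc32 compensation attack: network attack detected
Aug 14 01:29:03 myserver sshd[27180]: Connection from 198.51.100.7 port 1022
Aug 14 01:29:04 myserver sshd[27180]: Accepted password for alice from 198.51.100.7 port 1022
Aug 14 01:29:09 myserver sshd[27181]: Connection from 192.0.2.10 port 4022
Aug 14 01:29:11 myserver sshd[27181]: Disconnecting: crc32 compensation attack: network attack detected
Aug 14 01:29:15 myserver sshd[27190]: Disconnecting: crc32 compensation attack: network attack detected
"""

# "Mon DD HH:MM:SS host sshd[pid]: message"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
CONNECT = re.compile(r"^Connection from (?P<addr>\S+) port \d+")
ALERT = "crc32 compensation attack"


def attribute_alerts(log_text):
    """Return (timestamp, pid, source address or None) for every alert line."""
    peer_by_pid = {}
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an sshd line, or a wrapped/garbled one
        c = CONNECT.match(m["msg"])
        if c:
            # PIDs are reused over time, so keep only the latest peer per PID.
            peer_by_pid[m["pid"]] = c["addr"]
        elif ALERT in m["msg"]:
            # None means no connection line was logged for this PID.
            hits.append((m["ts"], m["pid"], peer_by_pid.pop(m["pid"], None)))
    return hits


def count_by_source(hits):
    """Tally alerts per source address; unattributed alerts count as 'unknown'."""
    return Counter(addr or "unknown" for _, _, addr in hits)


if __name__ == "__main__":
    for source, n in count_by_source(attribute_alerts(SAMPLE_LOG)).most_common():
        print(f"{n:4d}  {source}")
```

An "unknown" count means the connection line was not logged for that PID, which is what you would see with sshd at its default log level.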
