[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rsync attempts?

On Sat, Dec 06, 2003 at 12:25:09AM +0100, Igor Mozetic wrote:
>I see repeated attempts to connect to my public rsync Debian server:
>Dec  6 00:20:01 rsync connection attempt from (>x.x.x.x:873)
>rsync and kernel are patched, but I wonder if there is anything
>one can do to identify/catch/??? a potential intruder.

some ISPs will respond to complaints, if their customers ar staging
attacks, most don't, you will want to script some kind of reporting
tool, use whois to find the owner of the subnet... in this case they may
do something about it: "Belarusian State University"

There is aris too:

Package: aris-extractor
Priority: optional
Section: admin
Installed-Size: 164
Maintainer: Matt Zimmerman <mdz@debian.org>
Architecture: i386
Version: 1.6.2-4
Depends: debconf, libc6 (>= 2.2.4-4), libcurl2-ssl (>= 7.9.5-1), libssl0.9.6, libstdc++2.10-glibc2.2
Recommends: snort
Filename: pool/main/a/aris-extractor/aris-extractor_1.6.2-4_i386.deb
Size: 38072
MD5sum: 7e95297b99c3725d60c94f8a24acebb0
Description: Scan system logs for security incidents and report them to ARIS
 The Attack Registry and Intelligence Service (ARIS) is a free,
 user-integrated attack-trending system hosted by SecurityFocus that
 allows administrators and operators of Intrusion Detection Systems
 (IDSs) to track, evaluate and respond to security alerts and attacks
 in a proactive manner.
 As an integral piece of the ARIS Analzyer service, SecurityFocus's
 open-source ARIS Extractor utility distills data provided by IDS
 attack-list logs to build client portfolios that provide meaningful,
 graphical analysis of potentially malicious network incidents. By
 filtering out insignificant or benign data and converting it to a
 common format (xml), ARIS Extractor streamlines incident reporting
 for both security professionals and home users in a way that allows
 IDS operators to focus only on relevant attacks and
 incidents. Additionally, ARIS Extractor ensures client
 confidentiality through secure file-transfer protocols and optional
 IP address suppression.

// George

GEORGE GEORGALIS, System Admin/Architect    cell: 646-331-2027    <IXOYE><
Security Services, Web, Mail,            mailto:george@galis.org 
Multimedia, DB, DNS and Metrics.       http://www.galis.org/george 

Reply to: