What specifically makes you think they logged in via telnet? Do you
have a utmp (login) record, or just a telnet connection record, in your
daemon logs? There's a difference. I've had occasional telnet attempts,
but the only logins I've ever seen on my box were ones I could account
for myself. When I *do* need to allow telnet, I open it up to as specific
a set of IP addresses (one preferably) outside my local net as possible.

...and what are you doing allowing telnet in the first place? While it
can be slightly useful in a local network, it's a severely insecure
protocol, and you should probably have it open to local traffic only in
/etc/hosts.allow. If you are supporting remote clients, there are ssh
implementations for a wide range of hosts, including Java
implementations which will run in a browser.

On Wed, Apr 26, 2000 at 05:57:54AM +0000, john smith wrote:
> Hello,
>
> someone has telnetted to my machine and I want to know what he/she did
> inside there. Is there a way of knowing what "exactly" he/she did while
> telnetted to my machine? i.e. what directories navigated, files downloaded,
> etc? I tried to look for some logs in /var/log but I don't see any.
>
--
Karsten M. Self <kmself@ix.netcom.com> http:/www.netcom.com/~kmself
What part of "Gestalt" don't you understand?
http://gestalt-system.sourceforge.net/
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0
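
The distinction drawn in the reply above, between a telnet connection record in the daemon logs and an actual login record, as an added example that is not part of the original message. It assumes the Linux/glibc 384-byte wtmp record layout and tcpd-style "connect from" lines, and matches on the source address only; the sample data, helper names and addresses are constructed for illustration.

```python
import re
import struct

# Linux/glibc wtmp record: 384 bytes (layout assumed; other platforms differ).
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
USER_PROCESS = 7   # ut_type of a completed login
DEAD_PROCESS = 8   # ut_type written at logout
# tcpd-style connection line (format assumed for this example).
CONNECT = re.compile(r"in\.telnetd\[\d+\]: connect from (\S+)")

def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def logins(wtmp):
    """Return (user, tty, host, epoch) for every login record in wtmp bytes."""
    out = []
    for off in range(0, len(wtmp) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(wtmp, off)
        if f[0] == USER_PROCESS:
            out.append((cstr(f[4]), cstr(f[2]), cstr(f[5]), f[9]))
    return out

def classify(daemon_log, wtmp):
    """Map each telnet source to the users logged in from it; [] = connection only."""
    by_host = {}
    for user, _tty, host, _when in logins(wtmp):
        by_host.setdefault(host, []).append(user)
    return {src: by_host.get(src, []) for src in CONNECT.findall(daemon_log)}

def record(ut_type, user, tty, host, when):
    """Build one constructed wtmp record for the sample below."""
    return UTMP.pack(ut_type, 100, tty.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, when, 0, 0, 0, 0, 0)

# Constructed sample data, not taken from any real system.
SAMPLE_LOG = (
    "Apr 26 05:41:10 box in.telnetd[812]: connect from 203.0.113.7\n"
    "Apr 26 05:57:54 box in.telnetd[845]: connect from 192.168.1.20\n"
)
SAMPLE_WTMP = (record(USER_PROCESS, "alice", "pts/0", "192.168.1.20", 956728674)
               + record(DEAD_PROCESS, "", "pts/0", "", 956729000))

if __name__ == "__main__":
    for src, users in classify(SAMPLE_LOG, SAMPLE_WTMP).items():
        print(src, "login by " + ", ".join(users) if users else "connection only, no login")
```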