What specifically makes you think they logged in via telnet? Do you have a utmp (login) record, or just a telnet connection record, in your daemon logs? There's a difference.

I've had occasional telnet attempts, but the only logins I've ever seen on my box were ones I could account for myself. When I *do* need to allow telnet, I open it up to as specific a set of IP addresses (one preferably) outside my local net as possible.

...and what are you doing allowing telnet in the first place? While it can be slightly useful in a local network, it's a severely insecure protocol, and you should probably have it open to local traffic only in /etc/hosts.allow. If you are supporting remote clients, there are ssh implementations for a wide range of hosts, including Java implementations which will run in a browser.

On Wed, Apr 26, 2000 at 05:57:54AM +0000, john smith wrote:
> Hello,
>
> someone has telnetted to my machine and I want to know what he/she did
> inside there. Is there a way of knowing what "exactly" he/she did while
> telnetted to my machine? i.e. what directories navigated, files downloaded,
> etc? I tried to look for some logs in /var/log but I don't see any.

--
Karsten M. Self <kmself@ix.netcom.com> http:/www.netcom.com/~kmself
What part of "Gestalt" don't you understand?
http://gestalt-system.sourceforge.net/
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0
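The difference the reply above draws between a utmp (login) record and a mere connection entry can be checked against the login database itself. The following is an added example, not part of the original message: it assumes the 384-byte glibc `struct utmp` layout used on Linux x86/x86-64, and the helper names and sample records are constructed for illustration.

```python
import struct

# Assumed layout: glibc "struct utmp" on Linux x86/x86-64, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
LOGIN_PROCESS, USER_PROCESS, DEAD_PROCESS = 6, 7, 8  # ut_type values from utmp(5)

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_wtmp(data):
    """Decode every complete record; a truncated tail is ignored."""
    out = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(data, off)
        out.append({"type": f[0], "pid": f[1], "line": _text(f[2]),
                    "user": _text(f[4]), "host": _text(f[5]), "time": f[9]})
    return out

def remote_logins(records):
    """Return authenticated sessions that carry a remote host."""
    open_by_line, sessions = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:          # a user actually authenticated
            s = {"user": r["user"], "host": r["host"], "line": r["line"],
                 "login": r["time"], "logout": None}
            open_by_line[r["line"]] = s
            if r["host"]:                      # local console logins have no host
                sessions.append(s)
        elif r["type"] == DEAD_PROCESS:        # logout record for that line
            s = open_by_line.pop(r["line"], None)
            if s is not None:
                s["logout"] = r["time"]
    return sessions

def make_record(typ, pid, line, user, host, when):
    """Build one constructed record for the sample below."""
    return UTMP.pack(typ, pid, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, when, 0, b"")

# Constructed sample, not real log data: a login prompt that never became a
# login, one remote login with its logout, and one local console login.
SAMPLE = b"".join([
    make_record(LOGIN_PROCESS, 410, "pts/0", "LOGIN", "", 956728000),
    make_record(USER_PROCESS, 422, "pts/1", "alice", "192.0.2.10", 956728100),
    make_record(DEAD_PROCESS, 422, "pts/1", "", "", 956728700),
    make_record(USER_PROCESS, 300, "tty1", "bob", "", 956728800),
]) + b"\x00" * 10  # truncated tail, skipped by parse_wtmp

if __name__ == "__main__":
    for session in remote_logins(parse_wtmp(SAMPLE)):
        print(session)
```

On a live system the input would be the bytes of /var/log/wtmp; only records of type USER_PROCESS show that someone got past the login prompt.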