| View previous topic :: View next topic |
| Author |
Message |
solamour
l33t
Joined: 21 Dec 2004
Posts: 726
Location: San Diego, CA
|
 Posted: Sat Jan 08, 2005 12:31 pm Post subject: [Solved] How to monitor possible intrusion? |
 |
|
Hello, everyone.
While I was experimenting with netstat, I noticed an unfamiliar IP address was making a connection to my sshd. "traceroute" revealed that this IP might be from a half way around the world.
I blocked the IP with the Shorewall, but when I took a look at "/var/log/everything/current" file, this person had been trying very hard to login to my system; common English names are used as the login ID, but none got through. Some kind of script must have been used.
Is there any way I would get notified (via email or other means) if someone tries breaking into my system? I'm fairly new to Gentoo and Linux in general, so something basic would be extra helpful. Thanks.
__
sol
Last edited by solamour on Sun Mar 15, 2009 8:19 am; edited 2 times in total |
|
| Back to top |
|
 |
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Sat Jan 08, 2005 12:40 pm Post subject: |
|
|
www.snort.org
It doesn't stop attacks, but it can and does detect 99% of them 
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
