Hello, I've discovered that someone is trying to brute-hack all the UNIX systems in our company. I administer a small Linux server; luckily he didn't get into mine... The thing is, this happened during a period when I was sick and at home... So, I'd like a system that monitors my Linux and takes actions (like mailing someone) when an attack occurs. Anyone got any ideas?
Thanks
Guy
So, I'd like a system that monitors my Linux and takes actions (like mailing someone) when an attack occurs.
Anyone got any ideas?
'Swatch' is quite good, available from http://www.stanford.edu/~atkins/swatch/ . It allows you to filter logs, send mail based on keywords, etc. Assuming you like regex, that is :-)
HTH - John
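What a swatch "watchfor" rule for Guy's problem boils down to, written out as an added example (this is not John's code and not part of swatch): an awk filter that counts failed logins per source address over syslog lines, plus a wrapper that mails the admin when any source crosses a threshold. The log formats (sshd, login(1) and tcp_wrappers lines as a 2001-era SuSE box would write them to /var/log/messages), the threshold, the recipient and the use of the `mail` command are assumptions; the sample log lines are constructed, not real traffic.

```shell
#!/bin/sh
# Added example, not from the thread: the kind of check swatch does with a
# regex rule, done in awk so it can be read and run stand-alone.
# Threshold, recipient and log formats below are assumptions; adjust them
# to your syslog and your sshd.

THRESHOLD=${THRESHOLD:-5}
ADMIN=${ADMIN:-root}

# Constructed sample of a /var/log/messages extract; not real traffic.
sample_log() {
    cat <<'EOF'
Jan 15 03:12:01 srv sshd[1201]: Failed password for root from 192.0.2.77 port 2211 ssh2
Jan 15 03:12:03 srv sshd[1202]: Failed password for root from 192.0.2.77 port 2212 ssh2
Jan 15 03:12:05 srv sshd[1203]: Failed password for admin from 192.0.2.77 port 2213 ssh2
Jan 15 03:12:06 srv sshd[1204]: Failed password for oracle from 192.0.2.77 port 2214 ssh2
Jan 15 03:12:08 srv sshd[1205]: Failed password for guest from 192.0.2.77 port 2215 ssh2
Jan 15 03:12:09 srv sshd[1206]: Failed password for test from 192.0.2.77 port 2216 ssh2
Jan 15 03:14:40 srv login[1230]: FAILED LOGIN 1 FROM 198.51.100.9 FOR guy, Authentication failure
Jan 15 03:14:44 srv login[1230]: FAILED LOGIN 2 FROM 198.51.100.9 FOR guy, Authentication failure
Jan 15 03:20:00 srv sshd[1240]: Accepted password for guy from 198.51.100.9 port 1022 ssh2
Jan 15 03:21:13 srv in.telnetd[1250]: refused connect from 203.0.113.5
EOF
}

# Read log lines on stdin; print "count address" for every source whose
# failed logins reach the threshold given as $1, most active source first.
brute_force_sources() {
    thr=$1
    awk -v thr="$thr" '
        # sshd: "Failed password for USER from ADDR port N ssh2"
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
        }
        # login(1) via telnet etc.: "FAILED LOGIN N FROM ADDR FOR USER, ..."
        /FAILED LOGIN [0-9]+ FROM/ {
            for (i = 1; i <= NF; i++) if ($i == "FROM") { n[$(i+1)]++; break }
        }
        # tcp_wrappers refusals count as well: "refused connect from ADDR"
        /refused connect from/ { n[$NF]++ }
        END { for (ip in n) if (n[ip] >= thr) printf "%d %s\n", n[ip], ip }
    ' | sort -rn
}

# Run from cron (or at the end of a tail -f pipeline) against the live log,
# mailing a report only when something trips the threshold.
# Usage: report [logfile]   (default /var/log/messages)
report() {
    hits=$(brute_force_sources "$THRESHOLD" < "${1:-/var/log/messages}")
    [ -z "$hits" ] && return 0
    printf 'Possible brute-force against %s\n\n%s\n' "$(hostname)" "$hits" \
        | mail -s "brute-force alert on $(hostname)" "$ADMIN"
}

# Try it on the constructed sample:  sample_log | brute_force_sources 5
```

Counting per source rather than alerting on every matching line is what keeps the mailbox quiet: one mail per cron run naming the offending addresses, instead of one mail per failed password. If you do use swatch, its `throttle` option serves the same purpose.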
On Mon, 15 Jan 2001, tabanna wrote:
So, I'd like a system that monitors my Linux and takes actions (like mailing someone) when an attack occurs.
~ maybe 'PortSentry' is worth a look
best wishes
I am interested in this solution. Where can I find this software?
Best regards.
On Tue, 16 Jan 2001, Luckson Bwalya [Asst Head - System Dev & Sup] wrote:
I am interested in this solution.
Psionic PortSentry: http://psionic.com/
best wishes
-- 
sent on Linux. 100% Virus Free! AMD Inside
On Tue, 16 Jan 2001, Luckson Bwalya [Asst Head - System Dev & Sup] wrote:
On Mon, 15 Jan 2001, tabanna wrote:
So, I'd like a system that monitors my Linux and takes actions (like mailing someone) when an attack occurs.
~ maybe 'PortSentry' is worth a look
best wishes
I am interested in this solution. Where can I find this software?
Hi, take a look at http://freshmeat.net. Look for Portsentry; that will show you everything you need to know about Portsentry.
With best regards
Using SuSE Linux 7.0 on a PII 233 SMP, Kernel: 2.2.18
-- 
Rick Meredith / System13
Friedrich-Ebert-Strasse 48, 61379 Obertshausen
Fon: +49 (0)6104-75549  Fax: +49 (0)6104-75549
Confucius say: He who play in root, eventually kill tree!
Hi, this is just my idea... Suppose somebody portscans you using nmap, say. He has lots of options, and if he is root on his computer he can easily spoof the IP, and he won't even do connect scans. And IMO, as long as there are no connect scans (I'm talking about TCP only now), it is improbable that you are affected, other than by a lame DoS. So create a server from inetd, say on port 1030, run it as /bin/true and name it NULL. From the TCP wrappers, log *everything* that even touches this port, and redirect all the connections to other interesting ports to this one. This is easily done using xinetd, but you can use ipchains instead. For instance, suppose I want to see who's the lame guy scanning me on 12345 (my portsentry says attackalert and drops the route... but I need to know more...). So I redirect all the connections to 12345 to 1030, and since /bin/true (I presume) is very safe, I can encourage that guy to initiate a connect scan and then feel the pinch.
regards
cheedu

On Wed, 17 Jan 2001, Rick Meredith wrote:
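The decoy cheedu describes, spelled out as an added example (this is not cheedu's code and not part of xinetd, portsentry or ipchains): an xinetd stanza for a "null" service on port 1030 whose server is /bin/true, and ipchains rules that REDIRECT probes of other interesting ports to it. Because /bin/true exits at once, a connect scan completes the handshake, gets logged with the source host, and receives nothing; a half-open (SYN) scan never reaches the service at all, which is the point cheedu makes about spoofed scans. The service name, port numbers, the xinetd attribute spelling, the assumption that your xinetd logs to syslog, and the ipchains 2.2-kernel REDIRECT syntax are assumptions; cheedu's tcp_wrappers logging step is replaced here by xinetd's own `log_on_success += HOST`, which records the same fact. The functions write to a scratch directory so the output can be reviewed before it goes anywhere near /etc.

```shell
#!/bin/sh
# Added example, not from the thread: a /bin/true decoy service on a high
# port, with other ports redirected to it so that only full TCP connects
# (not spoofed SYN scans) show up in the log. Names, ports and paths are
# assumptions; review the generated files before installing them.

DECOY_NAME=null
DECOY_PORT=1030

# xinetd stanza for the decoy. type=UNLISTED because the port is not in
# /etc/services; log_on_success HOST PID writes the peer address to syslog
# for every completed connection, which is all we want from the decoy.
xinetd_stanza() {
    cat <<EOF
service $DECOY_NAME
{
    type            = UNLISTED
    port            = $DECOY_PORT
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = nobody
    server          = /bin/true
    log_type        = SYSLOG auth info
    log_on_success  += HOST PID
    log_on_failure  += HOST
    disable         = no
}
EOF
}

# ipchains rules sending connections for each port given as an argument to
# the decoy port on this host. REDIRECT only rewrites traffic that is
# terminated locally, so this does not turn the box into a relay.
ipchains_rules() {
    for p in "$@"; do
        echo "ipchains -A input -p tcp -d 0.0.0.0/0 $p -j REDIRECT $DECOY_PORT"
    done
}

# Write the stanza under $1/etc/xinetd.d and the rules as a script under
# $1/etc. Use a scratch directory first; once reviewed, copy into / ,
# reload xinetd (killall -USR2 xinetd) and run the rules script as root.
# Usage: install_decoy /tmp/review 12345 31337
install_decoy() {
    root=$1; shift
    mkdir -p "$root/etc/xinetd.d"
    xinetd_stanza > "$root/etc/xinetd.d/$DECOY_NAME"
    { echo '#!/bin/sh'; ipchains_rules "$@"; } > "$root/etc/decoy-redirect.sh"
    chmod 755 "$root/etc/decoy-redirect.sh"
}
```

Two caveats a practitioner would want before deploying this: pick ports that nothing legitimate on the box uses, because the REDIRECT applies to every client, not just the scanner; and keep portsentry's own rules in mind, since if it drops the route to the source on first contact the decoy never sees the follow-up connect.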
participants (6): Guy Van Sanden, John Cartwright, Luckson Bwalya [Asst Head - System Dev & Sup], Rick Meredith, Sridhar, tabanna