>>>>> "DP" == Dan Pomohaci <[EMAIL PROTECTED]> writes:
DP> Which program sends e-mail with these warnings in the Subject field:
DP> NORMAL_ATTACK from sandwich.math.unibuc.ro - target gw1.usab.ro
DP> or
DP> HEAVY_ATTACK from sandwich.math.unibuc.ro - target gw1.usab.ro
DP> and how can I get more information about this attack?

This is courtney. Check the logfiles in /var/log. Especially auth.log, daemon.log, messages, syslog and setuid*. The mail you got also states the day and time, so you can easily extract the proper entries.

If you see intrusion attempts (like attempts to access via rsh, rlogin, ftp, telnet etc.) within a short time, this is an indicator of a portscanner program like satan.

Inform the authorities ([EMAIL PROTECTED] and [EMAIL PROTECTED] should do it) and send them the relevant parts of your logfile. If they don't react, you might want to add math.unibuc.ro to your /etc/hosts.deny. This will prevent any contact from this domain to inetd services, but security comes first.

Ciao,
Martin
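
The log check described in the reply (one host touching several inetd services within a short time), as an added example that is not part of the original mail. It assumes tcp_wrappers-style syslog lines; the host names, sample lines and thresholds are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the style tcp_wrappers logs via syslog (assumed format).
SAMPLE_LOG = """\
Mar  3 14:02:11 gw1 in.telnetd[312]: connect from probe.example.net
Mar  3 14:02:11 gw1 in.rshd[313]: connect from probe.example.net
Mar  3 14:02:12 gw1 in.rlogind[314]: connect from probe.example.net
Mar  3 14:02:12 gw1 in.ftpd[315]: refused connect from probe.example.net
Mar  3 14:10:40 gw1 in.ftpd[330]: connect from user.example.org
Mar  3 15:45:02 gw1 in.telnetd[351]: connect from user.example.org
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
    r"(?P<svc>[\w.-]+)\[\d+\]:\s+(?:refused\s+)?connect from\s+(?P<src>\S+)"
)

def parse(log_text, year=2000):
    """Yield (timestamp, source, service) for each connection line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Classic syslog omits the year, so one is supplied for parsing.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["svc"]

def find_scanners(log_text, window_s=10, min_services=3):
    """Return {source: sorted services} for sources that touched at least
    min_services distinct services within any window_s-second span."""
    by_src = {}
    for ts, src, svc in parse(log_text):
        by_src.setdefault(src, []).append((ts, svc))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            end = start + timedelta(seconds=window_s)
            seen = {svc for ts, svc in events[i:] if ts <= end}
            if len(seen) >= min_services:
                hits[src] = sorted(seen)
                break
    return hits

if __name__ == "__main__":
    for src, services in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {', '.join(services)}")
```
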