Well, I'd like to start off by thanking each and every one of you on this list for the help setting up ipchains and making me aware of portsentry and logcheck, as I have effortlessly survived my first potential attack.

I woke up this morning and headed upstate to the computer show, not bothering to check my email. When I returned I had an email from logcheck telling me that portsentry had dumped a potential hacker into the bit bucket. I am sure most of you who have had the pleasure of receiving such an email know the joy I felt at that moment.

Now I need some advice as to what I do next. Should I check any other logs to make sure he didn't get in? Should I report the incident to his local ISP? What steps do I take next?

Thank you all again for the help!

Steve

BTW: Here is what I got from logcheck:

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Connect from host: 1Cust249.tnt20.chi5.da.uu.net/63.20.110.249 to UDP port: 31337
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Host 63.20.110.249 has been blocked via wrappers with string: "ALL: 63.20.110.249"
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Host 63.20.110.249 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 63.20.110.249 -j DENY -l"

Security Violations
=-=-=-=-=-=-=-=-=-=
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Connect from host: 1Cust249.tnt20.chi5.da.uu.net/63.20.110.249 to UDP port: 31337
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Host 63.20.110.249 has been blocked via wrappers with string: "ALL: 63.20.110.249"
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Host 63.20.110.249 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 63.20.110.249 -j DENY -l"

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Connect from host: 1Cust249.tnt20.chi5.da.uu.net/63.20.110.249 to UDP port: 31337
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Host 63.20.110.249 has been blocked via wrappers with string: "ALL: 63.20.110.249"
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Host 63.20.110.249 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 63.20.110.249 -j DENY -l"